Performance Analysis of Anti-Phishing Tools and Study of Classification Data Mining Algorithms for a Novel Anti-Phishing System

The term Phishing is a kind of spoofing website which is used for stealing sensitive and important information of the web user such as online banking passwords, credit card information and user’s password etc. In the phishing attack, the attacker generates the warning message to the user about the security issues, ask for confidential information through phishing emails, ask to update the user’s account information etc. Several experimental design considerations have been proposed earlier to countermeasure the phishing attack. The earlier systems are not giving more than 90 percentage successful results. In some cases, the system tool gives only 50-60 percentage successful result. In this paper, a novel algorithm is developed to check the performance of the anti-phishing system and compared the received data set with the data set of existing anti-phishing tools. The performance evaluation of novel anti-phishing system is studied with four different classification data mining algorithms which are Class Imbalance Problem (CIP), Rule based Classifier (Sequential Covering Algorithm (SCA)), Nearest Neighbour Classification (NNC), Bayesian Classifier (BC) on the data set of phishing and legitimate websites. The proposed system shows less error rate and better performance as compared to other existing system tools.

[1]  Lorrie Faith Cranor,et al.  Decision strategies and susceptibility to phishing , 2006, SOUPS '06.

[2]  Sirkka L. Jarvenpaa,et al.  Perils of Internet fraud: an empirical investigation of deception and trust with experienced Internet consumers , 2000, IEEE Trans. Syst. Man Cybern. Part A.

[3]  Shuai Ding,et al.  LARX: Large-Scale Anti-Phishing by Retrospective Data-Exploring Based on a Cloud Computing Platform , 2011, 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN).

[4]  Lorrie Faith Cranor,et al.  An Empirical Analysis of Phishing Blacklists , 2009, CEAS 2009.

[5]  Huajun Huang,et al.  Browser-Side Countermeasures for Deceptive Phishing Attack , 2009, 2009 Fifth International Conference on Information Assurance and Security.

[6]  L. Rajamani,et al.  Deceptive phishing detection system: From audio and text messages in Instant Messengers using Data Mining approach , 2012, International Conference on Pattern Recognition, Informatics and Medical Engineering (PRIME-2012).

[7]  Dan Boneh,et al.  Stronger Password Authentication Using Browser Extensions , 2005, USENIX Security Symposium.

[8]  Brian Ryner,et al.  Large-Scale Automatic Classification of Phishing Pages , 2010, NDSS.

[9]  Anthony Skjellum,et al.  High-performance content-based phishing attack detection , 2011, 2011 eCrime Researchers Summit.

[10]  David Gefen,et al.  The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online , 2010, Decis. Support Syst..

[11]  Shambhu J. Upadhyaya,et al.  PHONEY: mimicking user response to detect phishing attacks , 2006, 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks(WoWMoM'06).

[12]  John C. Mitchell,et al.  Client-Side Defense Against Web-Based Identity Theft , 2004, NDSS.

[13]  Ragib Hasan,et al.  Cloud Based Content Fetching: Using Cloud Infrastructure to Obfuscate Phishing Scam Analysis , 2012, 2012 IEEE Eighth World Congress on Services.

[14]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[15]  Fatemeh Zahedi,et al.  Impact of anti-phishing tool performance on attack success rates , 2012, 2012 IEEE International Conference on Intelligence and Security Informatics.

[16]  Malcolm Munro,et al.  An Anti-Phishing Approach that Uses Training Intervention for Phishing Websites Detection , 2009, 2009 Sixth International Conference on Information Technology: New Generations.

[17]  Fatemeh Zahedi,et al.  Interface Design Elements for Anti-phishing Systems , 2011, DESRIST.

[18]  Akira Yamada,et al.  Visual similarity-based phishing detection without victim site information , 2009, 2009 IEEE Symposium on Computational Intelligence in Cyber Security.

[19]  Hsinchun Chen,et al.  A comparison of fraud cues and classification methods for fake escrow website detection , 2009, Inf. Technol. Manag..

[20]  M. Patrick Collins,et al.  Fishing for phishes: applying capture-recapture methods to estimate phishing populations , 2007, eCrime '07.

[21]  Stephen Groat,et al.  GoldPhish: Using Images for Content-Based Phishing Analysis , 2010, 2010 Fifth International Conference on Internet Monitoring and Protection.

[22]  Lorrie Faith Cranor,et al.  Phinding Phish: An Evaluation of Anti-Phishing Toolbars , 2007, NDSS.

[23]  Stefan A. Robila,et al.  Don't be a phish: steps in user education , 2006, ITICSE '06.

[24]  Christopher Krügel,et al.  There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits , 2008, WOOT.

[25]  Malcolm Munro,et al.  An Approach to the Implementation of the Anti-Phishing Tool for Phishing Websites Detection , 2009, 2009 International Conference on Intelligent Networking and Collaborative Systems.

[26]  P. Shanthi,et al.  Anti-phishing detection of phishing attacks using genetic algorithm , 2010, 2010 INTERNATIONAL CONFERENCE ON COMMUNICATION CONTROL AND COMPUTING TECHNOLOGIES.