System Design, Investigation and Countermeasure of Phishing Attacks using Data Mining Classification Methods and its Analysis

The phishing is a kind of e-commerce lure which is intended to steal the confidential information of the internet user by making identical website of legitimate one in which the contents and images most likely remains similar to the legitimate website. The other way of phishing website is to do minor changes in the URL or in the domain of the website. In this paper, an anti-phishing system is proposed which is based on the development of the Add-on tool for the web browser. The performance of the proposed system is studied with four different data mining classification algorithms which are Class Imbalance Problem (CIP), Rule based Classifier (Sequential Covering Algorithm (SCA)), Nearest Neighbour Classification (NNC), Bayesian Classifier (BC). To evaluate the performance of the proposed anti-phishing system for the detection of phishing websites, we have collected 7690 legitimate websites and 2280 phishing websites from the authorised sources like APWG database and PhishTank. After the analysis of the anti-phishing system, more than 90 percentage successful results achieved at different time periods.

[1]  Weider D. Yu,et al.  PhishCatch - A Phishing Detection Tool , 2009, 2009 33rd Annual IEEE International Computer Software and Applications Conference.

[2]  Ragib Hasan,et al.  Cloud Based Content Fetching: Using Cloud Infrastructure to Obfuscate Phishing Scam Analysis , 2012, 2012 IEEE Eighth World Congress on Services.

[3]  Fatemeh Zahedi,et al.  Impact of anti-phishing tool performance on attack success rates , 2012, 2012 IEEE International Conference on Intelligence and Security Informatics.

[4]  Shuai Ding,et al.  LARX: Large-Scale Anti-Phishing by Retrospective Data-Exploring Based on a Cloud Computing Platform , 2011, 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN).

[5]  Ramana Rao Kompella,et al.  PhishNet: Predictive Blacklisting to Detect Phishing Attacks , 2010, 2010 Proceedings IEEE INFOCOM.

[6]  Jemal H. Abawajy,et al.  Profiling Phishing Email Based on Clustering Approach , 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.

[7]  Youssef Iraqi,et al.  A novel Phishing classification based on URL features , 2011, 2011 IEEE GCC Conference and Exhibition (GCC).

[8]  John C. Mitchell,et al.  Client-Side Defense Against Web-Based Identity Theft , 2004, NDSS.

[9]  V. Prasanna Venkatesan,et al.  A Framework for Predicting Phishing Websites using Neural Networks , 2011, ArXiv.

[10]  T. Balamuralikrishna,et al.  Mitigating Online Fraud by Ant phishing Model with URL & Image based Webpage Matching , 2012 .

[11]  Lorrie Faith Cranor,et al.  Phinding Phish: Evaluating Anti-Phishing Tools , 2006 .

[12]  Huajun Huang,et al.  Browser-Side Countermeasures for Deceptive Phishing Attack , 2009, 2009 Fifth International Conference on Information Assurance and Security.

[13]  Tommy W. S. Chow,et al.  Textual and Visual Content-Based Anti-Phishing: A Bayesian Approach , 2011, IEEE Transactions on Neural Networks.

[14]  Zhijun Yan,et al.  A Classification Model for Detection of Chinese Phishing E-Business Websites , 2013, PACIS.

[15]  Yuefei Zhu,et al.  Improved two-factor authenticated key exchange protocol , 2011, Int. Arab J. Inf. Technol..

[16]  J. Doug Tygar,et al.  The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.

[17]  Hsinchun Chen,et al.  A comparison of fraud cues and classification methods for fake escrow website detection , 2009, Inf. Technol. Manag..

[18]  A. Sardana,et al.  A PageRank based detection technique for phishing web sites , 2012, 2012 IEEE Symposium on Computers & Informatics (ISCI).

[19]  L. Rajamani,et al.  Deceptive phishing detection system: From audio and text messages in Instant Messengers using Data Mining approach , 2012, International Conference on Pattern Recognition, Informatics and Medical Engineering (PRIME-2012).

[20]  Anthony Skjellum,et al.  High-performance content-based phishing attack detection , 2011, 2011 eCrime Researchers Summit.