Intelligent phishing detection system for e-banking using fuzzy data mining

Detecting and identifying any phishing websites in real-time, particularly for e-banking, is really a complex and dynamic problem involving many factors and criteria. Because of the subjective considerations and the ambiguities involved in the detection, fuzzy data mining techniques can be an effective tool in assessing and identifying phishing websites for e-banking since it offers a more natural way of dealing with quality factors rather than exact values. In this paper, we present novel approach to overcome the 'fuzziness' in the e-banking phishing website assessment and propose an intelligent resilient and effective model for detecting e-banking phishing websites. The proposed model is based on fuzzy logic combined with data mining algorithms to characterize the e-banking phishing website factors and to investigate its techniques by classifying the phishing types and defining six e-banking phishing website attack criteria's with a layer structure. Our experimental results showed the significance and importance of the e-banking phishing website criteria (URL & Domain Identity) represented by layer one and the various influence of the phishing characteristic on the final e-banking phishing website rate.

[1]  Jadzia Cendrowska,et al.  PRISM: An Algorithm for Inducing Modular Rules , 1987, Int. J. Man Mach. Stud..

[2]  J. Doug Tygar,et al.  The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.

[3]  J. Ross Quinlan,et al.  Improved Use of Continuous Attributes in C4.5 , 1996, J. Artif. Intell. Res..

[4]  Mehmed Kantardzic,et al.  Data-Mining Concepts , 2011 .

[5]  Lance James,et al.  Phishing exposed , 2005 .

[6]  Wynne Hsu,et al.  Integrating Classification and Association Rule Mining , 1998, KDD.

[7]  Norman M. Sadeh,et al.  Learning to detect phishing emails , 2007, WWW '07.

[8]  Cheng Wu,et al.  The continuity of Mamdani method , 2002, Proceedings. International Conference on Machine Learning and Cybernetics.

[9]  Victor Ciesielski,et al.  Data Mining of Web Access Logs From an Academic Web Site , 2003, HIS.

[10]  Ronald L. Rivest,et al.  Lightweight Encryption for Email , 2005, SRUTI.

[11]  Xuhua Ding,et al.  Anomaly Based Web Phishing Page Detection , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[12]  Tobias Scheffer,et al.  Finding association rules that trade support optimally against confidence , 2001, Intell. Data Anal..

[13]  Ian H. Witten,et al.  Data mining: practical machine learning tools and techniques, 3rd Edition , 1999 .

[14]  Ramakrishnan Srikant,et al.  Fast Algorithms for Mining Association Rules in Large Databases , 1994, VLDB.

[15]  Susan M. Bridges,et al.  FUZZY DATA MINING AND GENETIC ALGORITHMS APPLIED TO INTRUSION DETECTION , 2002 .

[16]  Usama M. Fayyad,et al.  Mining Databases: Towards Algorithms for Knowledge Discovery , 1998, IEEE Data Eng. Bull..

[17]  Xiaotie Deng,et al.  Phishing Web page detection , 2005, Eighth International Conference on Document Analysis and Recognition (ICDAR'05).

[18]  Peter I. Cowling,et al.  MCAR: multi-class classification based on association rule , 2005, The 3rd ACS/IEEE International Conference onComputer Systems and Applications, 2005..

[19]  Min Wu,et al.  Web wallet: preventing phishing attacks by revealing user intentions , 2006, SOUPS '06.

[20]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[21]  Anders Persson Exploring Phishing Attacks and Countermeasures , 2007 .

[22]  Mehmed Kantardzic,et al.  Data Mining: Concepts, Models, Methods, and Algorithms , 2002 .

[23]  Ian Witten,et al.  Data Mining , 2000 .

[24]  Xiaotie Deng,et al.  Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover's Distance (EMD) , 2006, IEEE Transactions on Dependable and Secure Computing.

[25]  Joshua D. Reiss,et al.  Fuzzy Impulsive Control of High-Order Interpolative Low-Pass Sigma–Delta Modulators , 2006, IEEE Transactions on Circuits and Systems I: Regular Papers.

[26]  Xiaotie Deng,et al.  An antiphishing strategy based on visual similarity assessment , 2006, IEEE Internet Computing.

[27]  Peter I. Cowling,et al.  MMAC: a new multi-class, multi-label associative classification approach , 2004, Fourth IEEE International Conference on Data Mining (ICDM'04).

[28]  Min Wu,et al.  Do security toolbars actually prevent phishing attacks? , 2006, CHI.

[29]  George Karypis,et al.  Centroid-Based Document Classification: Analysis and Experimental Results , 2000, PKDD.