“Phish mail guard: Phishing mail detection technique by using textual and URL analysis”

Phishing is a combination of social engineering and technical exploits designed to convince a victim to provide personal information, usually for the monetary gain of the attacker. Phishing emails contain messages that lure victims into performing certain actions, such as clicking on a URL where a phishing website is hosted, or executing malware. Phishing has become the most popular practice among the criminals of the Web, and phishing attacks are becoming more frequent and sophisticated. URL and textual content analysis of an email will result in a highly accurate anti-phishing email classifier. We propose a technique that combines the advantages of blacklist, whitelist and heuristic techniques to increase accuracy and reduce the false positive rate. The heuristic technique uses textual analysis and URL analysis of the e-mail. Since most phishing mails have similar contents, our proposed method will increase performance by analysing the textual contents of the mail together with lexical URL analysis. A mail is detected as phishing if the DNS name in the actual link is present in the blacklist. If the DNS name is present in the whitelist, it is considered a legitimate DNS name. If it is present in neither the blacklist nor the whitelist, it is analyzed using pattern matching with existing phishing DNS names, the contents found in the mail and analysis of the actual URL. With the help of the blacklist and whitelist we avoid detection time for phishing and legitimate email. At the same time we decrease the false positive rate by combining features of DNS, textual content analysis of the email and URL analysis.
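The three-stage decision flow described above (blacklist, then whitelist, then text and URL heuristics on the actual link), sketched as an added example that is not the authors' implementation. The list entries are constructed, and the lure words, the three URL checks, the 0.85 similarity cutoff and the score threshold of 2 are assumptions, since the abstract does not specify them.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

BLACKLIST = {"login-verify.example.net"}  # constructed sample entries
WHITELIST = {"example.com"}               # constructed sample entries
LURE_WORDS = {"verify", "suspended", "urgent", "password", "confirm"}  # assumed
class MailParser(HTMLParser):  # collects body text and (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._shown = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._shown = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._shown.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._shown).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
def listed(host, names):  # exact host or any subdomain of a listed name
    return any(host == n or host.endswith("." + n) for n in names)

def url_signals(href, shown):  # lexical checks on the actual link (assumed set)
    host = host_of(href)
    shown_host = host_of(shown) if re.fullmatch(r"\S+\.\S+", shown) else ""
    raw_ip = bool(re.fullmatch(r"[0-9.]+", host))
    mismatch = bool(shown_host) and shown_host != host  # visible vs actual link
    lookalike = any(SequenceMatcher(None, host, b).ratio() >= 0.85 for b in BLACKLIST)
    return raw_ip + mismatch + lookalike

def classify(html_body):
    p = MailParser()
    p.feed(html_body)
    p.close()
    hosts = [host_of(h) for h, _ in p.links]
    if any(listed(h, BLACKLIST) for h in hosts):
        return "phishing"                      # stage 1: blacklist hit
    if hosts and all(listed(h, WHITELIST) for h in hosts):
        return "legitimate"                    # stage 2: every link whitelisted
    words = set(re.findall(r"[a-z]+", " ".join(p.text).lower()))
    score = max((url_signals(h, s) for h, s in p.links), default=0)
    score += len(words & LURE_WORDS) >= 2      # stage 3: URL + text heuristics
    return "phishing" if score >= 2 else "legitimate"
```

Only mails whose links are on neither list reach the heuristic stage, which is where the abstract's saving in detection time comes from.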
