An efficacious method for detecting phishing webpages through target domain identification

Abstract Phishing is a fraudulent act to acquire sensitive information from unsuspecting users by masking as a trustworthy entity in an electronic commerce. Several mechanisms such as spoofed e-mails, DNS spoofing and chat rooms which contain links to phishing websites are used to trick the victims. Though there are many existing anti-phishing solutions, phishers continue to lure the victims. In this paper, we present a novel approach that not only overcomes many of the difficulties in detecting phishing websites but also identifies the phishing target that is being mimicked. We have proposed an anti-phishing technique that groups the domains from hyperlinks having direct or indirect association with the given suspicious webpage. The domains gathered from the directly associated webpages are compared with the domains gathered from the indirectly associated webpages to arrive at a target domain set. On applying Target Identification (TID) algorithm on this set, we zero-in the target domain. We then perform third-party DNS lookup of the suspicious domain and the target domain and on comparison we identify the legitimacy of the suspicious page.

[1]  D. Das,et al.  PhishGuard: A browser plug-in for protection from phishing , 2008, 2008 2nd International Conference on Internet Multimedia Services Architecture and Applications.

[2]  Scott Dick,et al.  Detecting visually similar Web pages: Application to phishing detection , 2010, TOIT.

[3]  Indranil Bose,et al.  The impact of adoption of identity theft countermeasures on firm value , 2013, Decis. Support Syst..

[4]  Mohammad Zulkernine,et al.  Trustworthiness testing of phishing websites: A behavior model-based approach , 2012, Future Gener. Comput. Syst..

[5]  Gustavo Gonzalez Granadillo,et al.  Decisive Heuristics to Differentiate Legitimate from Phishing Sites , 2011, 2011 Conference on Network and Information Systems Security.

[6]  Gang Liu,et al.  Discovering phishing target based on semantic link network , 2010 .

[7]  Xiaotie Deng,et al.  Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover's Distance (EMD) , 2006, IEEE Transactions on Dependable and Secure Computing.

[8]  Eric Medvet,et al.  Visual-similarity-based phishing detection , 2008, SecureComm.

[9]  Dahui Li,et al.  Fighting identity theft: The coping perspective , 2012, Decis. Support Syst..

[10]  Ramana Rao Kompella,et al.  PhishNet: Predictive Blacklisting to Detect Phishing Attacks , 2010, 2010 Proceedings IEEE INFOCOM.

[11]  Xi Chen,et al.  Assessing the severity of phishing attacks: A hybrid data mining approach , 2011, Decis. Support Syst..

[12]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[13]  Carolyn Penstein Rosé,et al.  CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites , 2011, TSEC.

[14]  Haining Wang,et al.  BogusBiter: A transparent protection against phishing attacks , 2010, TOIT.

[15]  Elisa Bertino,et al.  Using automated individual white-list to protect web digital identities , 2012, Expert Syst. Appl..

[16]  Kuan-Ta Chen,et al.  Fighting Phishing with Discriminative Keypoint Features , 2009, IEEE Internet Computing.

[17]  Michael McGill,et al.  Introduction to Modern Information Retrieval , 1983 .

[18]  Phillip A. Porras,et al.  Highly Predictive Blacklisting , 2008, USENIX Security Symposium.

[19]  Gang Liu,et al.  Antiphishing through Phishing Target Discovery , 2012, IEEE Internet Computing.

[20]  Jaana Kekäläinen,et al.  Cumulated gain-based evaluation of IR techniques , 2002, TOIS.

[21]  Jason I. Hong,et al.  A hybrid phish detection approach by identity discovery and keywords retrieval , 2009, WWW '09.