29 research outputs found
Intelligent phishing website detection system using fuzzy techniques.
Phishing websites are forged web pages that are created by malicious people to mimic web pages of real websites and it attempts to defraud people of their personal information.
Detecting and identifying Phishing websites is really a complex and dynamic problem involving many factors and criteria, and
because of the subjective considerations and the ambiguities involved in the detection, Fuzzy Logic model can be an effective
tool in assessing and identifying phishing websites than any other
traditional tool since it offers a more natural way of dealing with
quality factors rather than exact values. In this paper, we present
novel approach to overcome the `fuzziness¿ in traditional website phishing risk assessment and propose an intelligent resilient and effective model for detecting phishing websites. The proposed
model is based on FL operators which is used to characterize the
website phishing factors and indicators as fuzzy variables and
produces six measures and criteria¿s of website phishing attack
dimensions with a layer structure. Our experimental results
showed the significance and importance of the phishing website
criteria (URL & Domain Identity) represented by layer one, and
the variety influence of the phishing characteristic layers on the
final phishing website rate
Counteracting Phishing Page Polymorphism: An Image Layout Analysis Approach
Abstract. Many visual similarity-based phishing page detectors have been developed to detect phishing webpages, however, scammers now cre-ate polymorphic phishing pages to breach the defense of those detectors. We call this kind of countermeasure phishing page polymorphism. Poly-morphic pages are visually similar to genuine pages they try to mimic, but they use different representation techniques. It increases the level of difficulty to detect phishing pages. In this paper, we propose an effective detection mechanism to detect polymorphic phishing pages. In contrast to existing approaches, we analyze the layout of webpages rather than the HTML codes, colors, or content. Specifically, we compute the sim-ilarity degree of a suspect page and an authentic page through image processing techniques. Then, the degrees of similarity are ranked by a classifier trained to detect phishing pages. To verify the efficacy of our phishing detection mechanism, we collected 6, 750 phishing pages and 312 mimicked targets for the performance evaluation. The results show that our method achieves an excellent detection rate of 99.6%.
VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity
Phishing websites are still a major threat in today's Internet ecosystem.
Despite numerous previous efforts, similarity-based detection methods do not
offer sufficient protection for the trusted websites - in particular against
unseen phishing pages. This paper contributes VisualPhishNet, a new
similarity-based phishing detection framework, based on a triplet Convolutional
Neural Network (CNN). VisualPhishNet learns profiles for websites in order to
detect phishing websites by a similarity metric that can generalize to pages
with new visual appearances. We furthermore present VisualPhish, the largest
dataset to date that facilitates visual phishing detection in an ecologically
valid manner. We show that our method outperforms previous visual similarity
phishing detection approaches by a large margin while being robust against a
range of evasion attacks
Mitigation strategies against the phishing attacks : a systematic literature review
Phishing attacks are among the most prevalent attack mechanisms employed by attackers. The consequences of successful phishing include (and are not limited to) financial losses, impact on reputation, and identity theft. The paper presents a systematic literature review featuring 248 articles (from the beginning of 2018 until March 2023) across the main digital libraries to identify, (1) the existing mitigation strategies against phishing attacks, and the underlying technologies considered in the development of these strategies; (2) the most considered phishing vectors in the development of the mitigation strategies; (3) anti-phishing guidelines and recommendations for organizations and end-users respectively; and (4) gaps and open issues that exist in the state of the art. The paper advocates for the need to consider the abilities of human users during the design and development of the mitigation strategies as only technology-centric solutions will not suffice to cater to the challenges posed by phishing attacks
Recommended from our members
Phishing website detection using intelligent data mining techniques. Design and development of an intelligent association classification mining fuzzy based scheme for phishing website detection with an emphasis on E-banking.
Phishing techniques have not only grown in number, but also in sophistication. Phishers might
have a lot of approaches and tactics to conduct a well-designed phishing attack. The targets of
the phishing attacks, which are mainly on-line banking consumers and payment service
providers, are facing substantial financial loss and lack of trust in Internet-based services. In
order to overcome these, there is an urgent need to find solutions to combat phishing attacks.
Detecting phishing website is a complex task which requires significant expert knowledge and
experience. So far, various solutions have been proposed and developed to address these
problems. Most of these approaches are not able to make a decision dynamically on whether the
site is in fact phished, giving rise to a large number of false positives. This is mainly due to
limitation of the previously proposed approaches, for example depending only on fixed black
and white listing database, missing of human intelligence and experts, poor scalability and their
timeliness.
In this research we investigated and developed the application of an intelligent fuzzy-based
classification system for e-banking phishing website detection. The main aim of the proposed
system is to provide protection to users from phishers deception tricks, giving them the ability
to detect the legitimacy of the websites. The proposed intelligent phishing detection system
employed Fuzzy Logic (FL) model with association classification mining algorithms. The
approach combined the capabilities of fuzzy reasoning in measuring imprecise and dynamic
phishing features, with the capability to classify the phishing fuzzy rules. Different phishing experiments which cover all phishing attacks, motivations and deception
behaviour techniques have been conducted to cover all phishing concerns. A layered fuzzy
structure has been constructed for all gathered and extracted phishing website features and
patterns. These have been divided into 6 criteria and distributed to 3 layers, based on their attack
type. To reduce human knowledge intervention, Different classification and association
algorithms have been implemented to generate fuzzy phishing rules automatically, to be
integrated inside the fuzzy inference engine for the final phishing detection.
Experimental results demonstrated that the ability of the learning approach to identify all
relevant fuzzy rules from the training data set. A comparative study and analysis showed that
the proposed learning approach has a higher degree of predictive and detective capability than
existing models. Experiments also showed significance of some important phishing criteria like
URL & Domain Identity, Security & Encryption to the final phishing detection rate.
Finally, our proposed intelligent phishing website detection system was developed, tested and
validated by incorporating the scheme as a web based plug-ins phishing toolbar. The results
obtained are promising and showed that our intelligent fuzzy based classification detection
system can provide an effective help for real-time phishing website detection. The toolbar
successfully recognized and detected approximately 92% of the phishing websites selected from
our test data set, avoiding many miss-classified websites and false phishing alarms