An Anti-Phishing Kit Scheme for Secure Web Transactions

A. A. Orunsolu, A. S. Sodiya

Abstract

In this work, an anti-phishing approach was proposed against phishing pages generated by phishing kits. The architecture consists of a Sorter Module (SM) and Signature Detection Module (SDM). The SM is used to separate pages with login attributes and obfuscated scripts from other pages within the system. These sorted pages are fed into the SDM, where the signature of the suspicious page is generated. In SDM, a two-tier classifier is employed to generate phishing label based on signature analysis. Experimental results of the approach indicated a detection accuracy of 100% on specific phishing kit-generated sites and 98% on general phishing/legitimate data. To determine the detection time of the approach, latency analysis of the system was performed. The results indicated a latency 0.3s and standard deviation of 0.367s for the various operations performed by the system during detection. Thus, the approach effectively detects phishing pages by using ‘fingerprints’ from phishing kits.

References

  1. Ajaya, N., R Luthfor, M., Nitesh, S. & Leane, H., 2015. A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warning. Proceedings of CCS.
  2. Aparna, S. & Muniasamy, K., 2015. Phish Indicator: An Indication for Phishing Sites. Artificial Intelligence and Evolutionary Algorithms in Engineering Systems.
  3. APWG, 2016. APWG Security Report, s.l.: s.n.
  4. Cova, M., Kruegel, C. & Vigna, G., 2008. There is No Free Phish: An Analysis of "Free" and Live Phishing Kits. s.l., USENIX Workshop on Offensive Technologies.
  5. Dhamija, R., Tygar, J. & Hearst, M., 2006. Anti-phishing based on automated individual white-list. USA, ACM Workshop on Digital Identity Management.
  6. Gowtham, R. & Krishnamurthi, I., 2014. A Comprehensive and efficacious architecture for detecting phishing pages. Computers and Security.
  7. Han, W., Cao, Y., Bertino, E. & Yong, J., 2012. Using automated individual white-list to protect web digital identities. Expert Systems with Applications.
  8. Islam, R. & Abawajy, J., 2013. Multi-tier phishing detection and filtering approach. Journal of Network and Computer Applications.
  9. Kathryn, P. et al., 2015. The design of phishing studies: Challenges for researchers. Journal of Computers and Security.
  10. Larcom, G. & Elbirt, A., 2006. Gone phishing. IEEE Technology and Society.
  11. Larson, J., 2010. Enforcing Intellectual property rights to deter phishing. Intellectual Property and Technology .
  12. McCalley, H., Wardman, B. & Warner, G., 2011. Analyis of Backdoored Phishing Kits. IFIP Open Digital Library.
  13. Medvet, E., Kirda, E. & Kruegel, C., 2008. VisualSimilarity based phishing detection. Turkey, Proceedings of 4th conference on Security and Privacy in Communication Networks.
  14. Mohammed, A., Furkan, A. & Sonia, C., 2015. Why phishing still works: User strategies for combating phishing attacks. International Journal of Human Computer Studies, pp. 70-82.
  15. Ralf, K., Peter, F. & Wolfgang, N., 2009. Latent Dirichlet Allocation for Tag Recommendation. s.l., ACM RecSys.
  16. RSA, 2014. Anti-Fraud Command Center, s.l.: RSA monthly online fraud report.
  17. Sheng, S. et al., 2010. Who falls for phish? A demographic analysis of phishing susceptibility and effectivenessfor interventions. USA, Conference on Human factors in Computing Systems.
  18. Xu, W., Zhang, F. & Zhu, S., 2013. JStill:Most Static Detection of Obfuscated Malicious Javascript Code. s.l., CODASPY.
Download


Paper Citation


in Harvard Style

A. Orunsolu A. and Sodiya A. (2017). An Anti-Phishing Kit Scheme for Secure Web Transactions . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 15-24. DOI: 10.5220/0006074900150024


in Bibtex Style

@conference{icissp17,
author={A. A. Orunsolu and A. S. Sodiya},
title={An Anti-Phishing Kit Scheme for Secure Web Transactions},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={15-24},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006074900150024},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - An Anti-Phishing Kit Scheme for Secure Web Transactions
SN - 978-989-758-209-7
AU - A. Orunsolu A.
AU - Sodiya A.
PY - 2017
SP - 15
EP - 24
DO - 10.5220/0006074900150024