A URL with Image-based Feature Extraction for Preventing Phishing Attacks

Dyaa Eldeen Nasr Motawa, Ahamed El Shrief

Abstract

Currently, Phishing is a type of attack in which cyber criminals tricks the victims to steal their personal and financial data. It has become an organized criminal activity. Spoofed emails claiming to be from legitimate source are crafted in a way to lead victims to reveal their personal, financial data by misdirecting them to the counterfeit website. We compared previous password protection solutions, some of the presented solutions use specialized equipment or additional servers to protect passwords. Other solutions are prone to spoofing and phishing attacks as well as introduce usability issues. Also these solutions do not address the challenge of protecting passwords against the adversary who can, for instance, exploit server-side software vulnerabilities. Our goal is enhancing the best solution to prevent phishing by alerting the users from phishing websites when detected based on URL with image-based feature extraction method.

Full Text:

PDF

References

HERLEY, C., VAN OORSCHOT, P. C., AND PATRICK, A. S. Passwords: If We're So Smart, Why Are We Still Using Them? Springer Berlin Heidelberg, Berlin, Heidelberg, 2009, pp. 230-237. Financial Cryptography and Data Security: 13th International Conference, FC 2009, Accra Beach, Barbados, February 23-26, 2009. Revised Selected Papers.

HERLEY, C., AND OORSCHOT, P. V. A research agenda acknowledging the persistence of passwords. IEEE Security Privacy 10, 1 (Jan 2012), 28-36.

BONNEAU, J., HERLEY, C., VAN OORSCHOT, P. C., AND STAJANO, F. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Security and Privacy (SP), 2012 IEEE Symposium on (2012), IEEE, pp. 553-567.

YAN, J., BLACKWELL, A., ANDERSON, R., AND GRANT, A. The memorability and security of passwords — some empirical results. http://www.cl.cam.ac.uk/ techreports/UCAM-CL- TR- 50 0 .pdf , Sept. 2000. UCAM-CL-TR-500, University of Cambridge, Computer Laboratory

(2000).

MENKUS, B. Understanding the use of passwords. Computers Security 7, 2 (1988), 132 — 136.

GAW, S., AND FELTEN, E. W. Password management strategies for online accounts. In Proceedings of the Second Symposium on Usable Privacy and Security (New York, NY, USA, 2006), SOUPS '06, ACM, pp. 44-55.

GEHRINGER, E. F. Choosing passwords: security and human factors. In Technology and Society, 2002. (ISTAS'02). 2002 International Symposium on (2002), pp. 369-373.

A.K. Jain, B. GuptaA novel approach to protect against phishing attacks at client side using auto-updated white-list EURASIP J. Inf. Sec., 2016 (2016), pp. 1-11

M. He, S.-J. Horng, P. Fan, M.K. Khan, R.S. Run, J.-L. Lai, R.-J. Chen, A. Sutanto An efficient phishing webpage detector Expert Syst. Appl., 38 (2011), pp. 1201812027.

Y. Pan, X. Ding. Anomaly based web phishing page detection Computer Security Applications Conference, 2006. ACSAC’06. 22nd Annual (pp. 381–392), IEEE (2006).

R. Islam, J. Abawajy. A multi-tier phishing detection and filtering approach J. Network Comput. Appl., 36 (2013), pp. 324-335.

S.C. Jeeva, E.B. Rajsingh. Intelligent phishing url detection using association rule mining Human-centric Comput. Inf. Sci., 6 (2016), p. 10, 10.1186/s13673-016-0064-3.

Y. Li, R. Xiao, J. Feng, L. Zhao. A semi-supervised learning approach for detection of phishing webpages Optik-International J. Light Electr Opt, 124 (2013), pp. 6027-6033.

S. Roopak, T. Thomas. A novel phishing page detection mechanism using html source code comparison and cosine similarity Advances in Computing and Communications (ICACC), 2014 Fourth International Conference on (pp. 167–170), IEEE (2014).

D. Abraham, N.S. Raj. Approximate string matching algorithm for phishing detection. in: dvances in Computing dvances in Computing, Communications and Informatics (ICACCI, 2014 International Conference on (pp. 2285– 2290), IEEE (2014).

S. Garera, N. Provos, M. Chew, A.D. Rubinframework for detection and measurement of phishing attacks In Proceedings of the 2007 ACM Workshop on Recurring Malcode, ACM (2007), 10.1145/1314389.1314391.

A. Le, A. Markopoulou, M. FaloutsosPhishdef: Url names say it all INFOCOM, 2011 Proceedings IEEE (pp. 191–195), IEEE (2011).

E.H. Chang, K.L. Chiew, W.K. Tiong, et al. Phishing detection via identification of website identity IT Convergence and Security (ICITCS), 2013 International Conference on (pp. 1–4), IEEE (2013).

M.G. Alkhozae, O.A. Batarfi. Phishing websites detection based on phishing characteristics in the webpage source code Int. J. Inf. Commun. Technol. Res., 1 (2011).

C.L. Tan, K.L. Chiew, et al. Phishing webpage detection using weighted url tokens for identity keywords retrieval 9th International Conference on Robotic, Vision, Signal Processing and Power Applications (pp. 133–139), Springer (2017).

R.B. Basnet, T. Doleck. Towards developing a tool to detect phishing urls: A machine learning approach Computational Intelligence & Communication Technology (CICT), 2015 IEEE International Conference on (pp. 220–223), IEEE (2015).

G. Sonowal, K. Kuppusamy. Masphid: A model to assist screen reader users for detecting phishing sites using aural and visual similarity measures Proceedings of the International Conference on Informatics and Analytics (p. 87), ACM (2016).

Lee, J.-L., Kim, D.-H., Chang-Hoon, Lee, 2015. Heuristic-based approach for phishing site detection using url features. in: Third International Conference On Advances in Computing, Electronics and Electrical Technology - CEET.

Dhinakaran, C., Nagamalai, D., Lee, J.K. (2010). Multilayer approach to defend phishing attacks. ŁååŁ, 11, 417–425.

Refbacks

  • There are currently no refbacks.