IJCNIS Vol. 7, No. 12, 8 Nov. 2015
Cover page and Table of Contents: PDF (size: 594KB)
Full Text (PDF, 594KB), PP.70-77
Views: 0 Downloads: 0
Phishing, Anti-Phishing, Data Mining Algorithms, Add-on Anti-Phishing Tools
The term Phishing is a kind of spoofing website which is used for stealing sensitive and important information of the web user such as online banking passwords, credit card information and user’s password etc. In the phishing attack, the attacker generates the warning message to the user about the security issues, ask for confidential information through phishing emails, ask to update the user’s account information etc. Several experimental design considerations have been proposed earlier to countermeasure the phishing attack. The earlier systems are not giving more than 90 percentage successful results. In some cases, the system tool gives only 50-60 percentage successful result. In this paper, a novel algorithm is developed to check the performance of the anti-phishing system and compared the received data set with the data set of existing anti-phishing tools. The performance evaluation of novel anti-phishing system is studied with four different classification data mining algorithms which are Class Imbalance Problem (CIP), Rule based Classifier (Sequential Covering Algorithm (SCA)), Nearest Neighbour Classification (NNC), Bayesian Classifier (BC) on the data set of phishing and legitimate websites. The proposed system shows less error rate and better performance as compared to other existing system tools.
Rajendra Gupta, Piyush Kumar Shukla, "Performance Analysis of Anti-Phishing Tools and Study of Classification Data Mining Algorithms for a Novel Anti-Phishing System", International Journal of Computer Network and Information Security(IJCNIS), vol.7, no.12, pp. 70-77, 2015. DOI:10.5815/ijcnis.2015.12.08
[1]Ahmed Abbasi, Fatemeh “Mariam” Zahedi and Yan Chen, “Impact of Anti-Phishing Tool Performance on Attack Success Rates”, 10th IEEE International Conference on Intelligence and Security Informatics (ISI) Washington, D.C., USA, June 11-14, 2012.
[2]A. Abbasi and H. Chen, “A Comparison of Fraud Cues and Classification Methods for Fake Escrow Website Detection,” Information Technology and Management, Vol. 10(2), pp. 83-101, 2009.
[3]G. Bansal, F. M. Zahedi, and D. Gefen, “The Impact of Personal Dispositions on Information Sensitivity, Privacy Concern and Trust in Disclosing Health Information Online,” Decision Support Systems, Vol. 49(2), pp. 138-150, 2010.
[4]Y. Chen, F. M. Zahedi, and A. Abbasi, “Interface Design Elements for Anti-phishing Systems,” In Proc. Intl. Conf. Design Science Research in Information Systems and Technology, pp. 253- 265, 2011.
[5]S. Grazioli and S. L. Jarvenpaa, “Perils of Internet Fraud: An Empirical Investigation of Deception and Trust with Experienced Internet Consumers,” IEEE Trans. Systems, Man, and Cybernetics Part A, vol. 20(4), pp. 395-410, 2000.
[6]APWG 2nd Quarter 2014 Phishing Activity Trends Report from www.antiphishing.org
[7]Javelin Strategy and Research. http://www.javelinstrategy.com, 2012
[8]Rosana J. Ferolin, “A Proactive Anti-Phishing Tool Using Fuzzy Logic and RIPPER Data Mining Classification Algorithm”, pp. 292-304, 2012.
[9]Colin Whittaker, Brian Ryner, Marria Nazif, “Large-Scale Automatic Classification of Phishing Pages”, The Internet Society, 2010.
[10]V.Shreeram, M.Suban, P.Shanthi, K.Manjula, “Anti-Phishing Detection of Phishing Attacks using Genetic Algorithm”, Communication Control and Computing Technologies (ICCCCT), IEEE International Conference, 7-9 October 2010.
[11]Tianyang Li, Fuye Han, Shuai Ding and Zhen Chen, “LARX: Large-scale Anti-phishing by Retrospective Data-Exploring Based on a Cloud Computing Platform”, Computer Communications and Networks (ICCCN), 2011 Proceedings of 20th International Conference, July 31, 2011 - August 4, 2011, pp. 1-5.
[12]Huajun Huang, Shaohong Zhong, Junshan Tan, “Browser-side Countermeasures for Deceptive Phishing Attack”, Fifth International Conference on Information Assurance and Security, IEEE Computer Society, pp. 352-355, 2009.
[13]Edward Ferguson, Joseph Weber, and Ragib Hasan, “Cloud Based Content Fetching: Using Cloud Infrastructure to Obfuscate Phishing Scam Analysis”, IEEE Eighth World Congress on Services, IEEE Computer Society, pp. 255-261, 2012.
[14]Mohammed Mahmood Ali, Dr. Lakshmi Rajamani, “Deceptive Phishing Detection System (From Audio and Text messages in Instant Messengers using Data Mining Approach)”, Proceedings of the International Conference on Pattern Recognition, Informatics and Medical Engineering (IEEE), March 21-23, 2012.
[15]Abdullah Alnajim, Malcolm Munro, “An Approach to the Implementation of the Anti-Phishing Tool for Phishing Websites Detection”, International Conference on Intelligent Networking and Collaborative Systems, IEEE Computer Society, pp. 105-112, 2009.
[16]J. S. Downs, M. B. Holbrook and L. F. Cranor, “Decision strategies and susceptibility to phishing”. Proc. the 2nd Symposium on usable Privacy and Security. New York, USA: ACM Press, 2006, pp. 79–90.
[17]M. Chandrasekaran, R. Chinchani and S. Upadhyaya, “PHONEY: Mimicking User Response to Detect Phishing Attacks”. Proc. International Symposium on a World of Wireless, Mobile and Multimedia Networks. Washington DC: IEEE Computer Society, 2006, pp. 668-672.
[18]S. A. Robila and J. W. Ragucci, “Don't be a Phish: Steps in User Education”. Proceeding 11th annual SIGCSE Conference on Innovation and Technology in Computer Science Education. New York: ACM Press, 2006, pp. 237 – 241.
[19]A. Alnajim and M. Munro, “An Anti-Phishing Approach that Uses Training Intervention for Phishing Websites Detection”. Proc. 6th IEEE International Conference on Information Technology - New Generations (ITNG). Las Vegas, IEEE Computer Society, 2009, pp. 405-410.
[20]R. Weaver and M. Collins, “Fishing for phishes: applying capture-recapture methods to estimate phishing populations,” in Proc. of the Anti-phishing Working Groups, 2nd Annual eCrime Researchers Summit. ACM, 2007, pp. 14–25.
[21]S. Sheng, B. Wardman, G. Warner, L. Cranor, J. Hong, and C. Zhang, “An empirical analysis of phishing blacklists,”, Proceeding of CEAS, 2009.
[22]M. Cova, C. Kruegel, and G. Vigna, “There is no free phish: an analysis of free and live phishing kits”, Proceeding of USENIX WOOT. USENIX Association, p. 4, 2008.
[23]B. Wardman, T. Stallings, G. Warner, and A. Skjellum, “High-performance content-based phishing attack detection”, Proceeding of eCrime. IEEE, pp. 1–9, 2011.
[24]C. Whittaker, B. Ryner, and M. Nazif, “Large-scale automatic classification of phishing pages”, Proceeding of NDSS, 2010.
[25]M. Hara, A. Yamada, and Y. Miyake, “Visual similarity-based phishing detection without victim site information” Nashville, Tennessee, USA: IEEE, pp. 30–36, Apr. 2009.
[26]Y. Zhang, S. Egelman, L. Cranor, and J. Hong, “Phinding phish: Evaluating Anti-Phishing tools,” in Proceedings of the 14th Annual Network & Distributed System Security Symposium, San Diego, California, USA, Mar. 2007.
[27]Y. Zhang, J. Hong, and L. Cranor, “CANTINA: A Content-Based approach to detecting phishing web sites,” in Proceedings of the 16th international conference on WorldWideWeb. Banff, Alberta, Canada: ACM, May 2007, pp. 639–648.
[28]Matthew Dunlop, Stephen Groat, and David Shelly “GoldPhish: Using Images for Content-Based Phishing Analysis”, The Fifth International Conference on Internet Monitoring and Protection, IEEE Computer Society, pg. 123-128, 2010
[29]N. Chou, R. Ledesma, Y. Teraguchi, D. Boneh, and J. Mitchell. Client-side defense against web-based identity theft. In 11th Network and Distributed System Security Symposium (NDSS), 2004.
[30]B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. Mitchell “Stronger Password Authentication Using Browser Extensions”, in 14th Usenix Security Symposium, 2005.
[31]Microsoft. Sender ID Framework Overview. http://www.microsoft.com, 2005
[32]Yahoo. Yahoo! Anti-Spam Resource Center. http://antispam.yahoo.com, 2006.
[33]Matthew Dunlop, Stephen Groat, and David Shelly, “GoldPhish: Using Images for Content-Based Phishing Analysis”, The Fifth International Conference on Internet Monitoring and Protection, IEEE Computer Society, 2010
[34]APWG 2nd Quarter 2014 Phishing Activity Trends Report from www.antiphishing.org
[35]Phishing website list from http://www.phishtank.com/, November 2013.
[36]Wang Binjuna, Wei Yangb, Yang Yanyanc, Han JiaI. J., “Design and Implementation of Anti-phishing Authentication System Wireless and Microwave Technologies”, Published Online at IJWMT-MECS, pp. 38-45, December 2011