New rule-based phishing detection method

Moghimi, Mahmood; Varjani, Ali Yazdian

doi:10.1016/j.eswa.2016.01.028

Cited by 208 publications

(87 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Furthermore, studies demonstrate that in many cases users do not have proper knowledge about the SSL padlock shown in the browser . Some former methods such as in the works of Moghimi and Varjani and Gouda et al are based on using SSL. Our proposed approach is not dependent on HTTPS protocol and can be used for the websites with both HTTP and HTTPS protocols. Search engines independency: Some previously proposed anti‐phishing methods such as in other works are based on using search engine results.…”

Section: Analysis Of the Proposed Methodsmentioning

confidence: 99%

“…Although this method does not falsely detect new and low profile websites as phishing, the computation power to extract and compare textual information is enormous.Fuzzy logic and neural network have been also used to detect phishing websites by employing the features extracted from the page content in the works of Aburrous et al and Nguyen et al, but both have high computational cost and can not detect all phishing attacks. PhishDetector is another detection method which used Levenshtein distance, the string matching algorithm, to evaluate the URL identity by comparing the Levenshtein distance of resource elements addresses with the website URL. This method also used the number of links, images, scripts, or CSS styles loaded through a SSL protocol and applied support vector machine (SVM) to categorize the websites in order to identify it as a phishing website or a genuine website.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Preventing phishing attacks using text and image watermarking

Hajiali

Amirmazlaghani

Kordestani

2018

Concurrency and Computation

View full text Add to dashboard Cite

Summary Phishing is a form of identity theft used to illegally gather personal and financial information by providing fake web pages designed to mimic the website of a legitimate business. In this paper, we propose a novel anti‐phishing approach based on using imperceptible watermarking and monitoring the HTTP requests. In the server‐side, a URL dependent watermark is generated and embedded in the elements of the web page, which are logo image and HTML/CSS files. In the client side, to authenticate the website and check its safety, the watermark is regenerated and compared with the extracted watermarks from the elements of the webpage. Security analysis of the proposed method demonstrates its robustness against some common attacks. The proposed method performs fully automatically and without user interaction. It can be simply implemented and used for all kinds of websites, either secured or not secured with SSL protocol.

show abstract

Section: Analysis Of the Proposed Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Preventing phishing attacks using text and image watermarking

Hajiali

Amirmazlaghani

Kordestani

2018

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…Moghimi et al [53] proposed the use of Levenshtein Distance for string matching to find the relationship between the content and the URL of a webpage and used SVM for classification. Singh et al [54] proposed training via Adaline network as more efficient and accurate for neural network for phishing detection.…”

Section: Heuristics and Machine Learning-based Techniquesmentioning

confidence: 99%

A survey and classification of web phishing detection schemes

Varshney

Misra

Atrey

2016

Security Comm Networks

113

View full text Add to dashboard Cite

Phishing is a fraudulent technique that is used over the Internet to deceive users with the goal of extracting their personal information such as username, passwords, credit card, and bank account information. The key to phishing is deception. Phishing uses email spoofing as its initial medium for deceptive communication followed by spoofed websites to obtain the needed information from the victims. Phishing was discovered in 1996, and today, it is one of the most severe cybercrimes faced by the Internet users. Researchers are working on the prevention, detection, and education of phishing attacks, but to date, there is no complete and accurate solution for thwarting them. This paper studies, analyzes, and classifies the most significant and novel strategies proposed in the area of phished website detection, and outlines their advantages and drawbacks. Furthermore, a detailed analysis of the latest schemes proposed by researchers in various subcategories is provided. The paper identifies advantages, drawbacks, and research gaps in the area of phishing website detection that can be worked upon in future research and developments. The analysis given in this paper will help academia and industries to identify the best anti-phishing technique.

show abstract

“…In this attack, attackers divert Internet traffic from the legitimate website to the phishing website. Language dependent: Most of the anti-phishing techniques are based on heuristics, which include the keyword frequently appearing in the phishing website [13,14]. If these techniques detect the keywords written in the English language, then they cannot detect other languages, e.g., Chinese, Hindi, Japanese, etc.…”

Section: Phishing Attack Classificationmentioning

confidence: 99%

“…In general, phishing detection techniques can be classified as either user education or software-based anti-phishing techniques. Software-based techniques can be further classified as list-based, heuristic-based [13][14][15], and visual similarity-based techniques [16].…”

Section: Related Workmentioning

confidence: 99%

A novel approach to protect against phishing attacks at client side using auto-updated white-list

Jain

Gupta

2016

EURASIP J. on Info. Security

148

View full text Add to dashboard Cite

Most of the anti-phishing solutions are having two major limitations; the first is the need of a fast access time for a real-time environment and the second is the need of high detection rate. Black-list-based solutions have the fast access time but they suffer from the low detection rate while other solutions like visual similarity and machine learning suffer from the fast access time. In this paper, we propose a novel approach to protect against phishing attacks using auto-updated white-list of legitimate sites accessed by the individual user. Our proposed approach has both fast access time and high detection rate. When users try to open a website which is not available in the white-list, the browser warns users not to disclose their sensitive information. Furthermore, our approach checks the legitimacy of a webpage using hyperlink features. For this, hyperlinks from the source code of a webpage are extracted and apply to the proposed phishing detection algorithm. Our experimental results show that the proposed approach is very effective for protecting against phishing attacks as it has 86.02 % true positive rate while less than 1.48 % false negative rate. Moreover, our proposed system is efficient to detect various other types of phishing attacks (i.e., Domain Name System (DNS) poisoning, embedded objects, zero-hour attack).

show abstract

New rule-based phishing detection method

Cited by 208 publications

References 16 publications

Preventing phishing attacks using text and image watermarking

Preventing phishing attacks using text and image watermarking

A survey and classification of web phishing detection schemes

A novel approach to protect against phishing attacks at client side using auto-updated white-list

Contact Info

Product

Resources

About