PhishShield: A Desktop Application to Detect Phishing Webpages through Heuristic Approach

Rao, Routhu Srinivasa; Ali, Syed Taqi

doi:10.1016/j.procs.2015.06.017

Cited by 69 publications

(30 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We can see that among the most relevant state-of-the-art techniques, only three [2], [30], [35] have comparable false positive rates to ours (≤ 0.001). Two of them [2], [30] do not admit client-side implementation, thus raising concerns like user privacy and delay in phish identification [5] that we previously identified.…”

Section: Related Workmentioning

confidence: 58%

“…In a similar manner, detection techniques relying on fixed heuristics (Alexa ranking, Google pagerank, etc.) are deployed as clientside phishing protection systems [34], [35], [36] but also exhibit high rate of missclassification [34], [36] or are not able to render decisions for all webpages [35]. Furthermore, static heuristics in client-side solutions can be easily discovered by an attacker and circumvented.…”

Section: Related Workmentioning

confidence: 99%

“…Scalability and language-/brandindependence are likely to be poor since they use 100,000 mostly static features (bag-of-words). PhishShield [35] is a client-side solution that has high precision and low false positive rate. It was evaluated on a very small testing dataset of 1,850 instances containing only 250 legitimate webpages, which raises concerns about how representative the results are.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

Marchal

Armano²,

Gröndahl

et al. 2017

IEEE Trans. Comput.

View full text Add to dashboard Cite

Abstract-Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings.

show abstract

Section: Related Workmentioning

confidence: 58%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

Marchal

Armano²,

Gröndahl

et al. 2017

IEEE Trans. Comput.

View full text Add to dashboard Cite

show abstract

“…The tags in the source code of the page can be used as important features for detecting phishing attacks. In the source code for the page's footnotes, there are no real and outward links and this feature leads to detecting the phishing attack [10]. Detecting attack patterns based on these links is not an easy task due to the huge volume of information and its unorganized nature, so this requires special tools.…”

Section: Phishing Attacksmentioning

confidence: 99%

Detecting Internet Phishing Attacks Using Data Mining Methods

2016

3rd International Conference on Innovative Engineering Technologies (ICIET'2016) August 5-6, 2016 Bangkok (Thailand)

View full text Add to dashboard Cite

Abstract-Nowadays, the high rate of internet usage among cell phone users has caused many commercial and financial services to be provided through the internet. Despite the fact that internet has provided a functional platform for financial transactions of the users, it can also become challenging and dangerous. Information theft or phishing is a security challenge which is usually carried out by sending spoofed emails and spams. In this type of attacks, attackers usually try to earn the trust of the users by sending deceptive emails in order to direct them towards certain websites which contain spoofed pages for capturing user information. Phishing attacks based on spams are one of the most significant barriers for expanding online financial activities which can cause great losses for financial and credit institutions annually. Assessing the behavior of hackers in sending spam emails and carrying out phishing attacks shows that these attacks follow a particular pattern which is not discernable at the first glance. Discovering the hidden patterns of phishing attacks can be effective in developing software systems for protecting against this type of attacks. Data mining possesses a number of methods for extracting useful information from different unorganized data. This study tries to use a set of data mining tools for analyzing the data from these attacks in order to identify and detect the useful patterns of these attacks. The overall results show that compared to other methods, neural network is more accurate and more sensitive in detecting such attacks.

show abstract

“…[6]. Phishing discovery frameworks are proactive or responsive [7]. Existing phishing discovery techniques can be isolated into four classifications: URL boycott based technique, the visual similarity based technique, the URL and content component based strategy, and the outsider web search tool based technique.…”

Section: Introductionmentioning

confidence: 99%

A Cognitive Support for Identifying Phishing Websites using Bi-LSTM and RNN

Arivukarasi¹,

Antonidoss²

2019

IJRTE

View full text Add to dashboard Cite

 Abstract: Phishing over web is a saturating risk that speaks to fifth of online business sites. Regardless of the broad research in phishing sites location, none adapt with the nonstop improvement in phishing methods. Along these lines, a subjective, dynamic, and self-versatile phishing location framework is expected to consequently distinguish new phishing methodologies. Subjective Computing methods emulate the thinking and learning capacities of human mind. In this paper, we propose a psychological structure for phishing sites recognition. The structure utilizes an intellectual system called a bidirectional long momentary memory (BLSTM) intermittent neural system (RNN). Moreover, we incorporated a Convolutional Neural Network (CNN) for semantically distinguishing items and activities in sites' pictures. Existing phishing site discovery frameworks experience the ill effects of poor picture highlights execution as they utilize just factual and basic highlights of pictures. The system should outflank existing frameworks since it can gain from setting persistently identify new phishing strategies.

show abstract

PhishShield: A Desktop Application to Detect Phishing Webpages through Heuristic Approach

Cited by 69 publications

References 4 publications

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

Detecting Internet Phishing Attacks Using Data Mining Methods

A Cognitive Support for Identifying Phishing Websites using Bi-LSTM and RNN

Contact Info

Product

Resources

About