Published in: Cluster Computing 3/2014

01-09-2014

PhishTackle—a web services architecture for anti-phishing

Authors: R. Gowtham, Ilango Krishnamurthi


Abstract

Phishing is a web-based criminal activity in which innocent online users are tricked into revealing sensitive information to fake web sites. Such fake web sites lead to fraudulent charges against individuals and corporations. Phishers have many methods for designing and hosting phished web pages, so in reality no single solution can combat phishing. As technology advances, phishing techniques advance as well, which demands that anti-phishing techniques be upgraded and that new techniques be included alongside the existing methods. But most of today's anti-phishing techniques do not satisfy these criteria.
In this paper, we propose a service-oriented three-layer architecture model for detecting and identifying phishing web sites, as it overcomes the shortcomings of existing anti-phishing solutions. This model enables us to separate the user interface layer from the anti-phishing components layer. This is done through a web service middleware layer, which gives us the freedom to build our own anti-phishing components layer in an efficient and flexible way, independent of the other layers.
The anti-phishing components layer provides a set of reusable components that convert a webpage into feature vectors using the finest heuristic methods and external repositories of information. The feature vectors act as input to a trained support vector machine classifier, which generates a phishing label that determines whether a webpage is legitimate or a phishing page. Experiments demonstrated the significance of the three-layered architecture model along with the combination of heuristics in detecting phishing webpages. This results in a high accuracy of 99 % with a false positive rate of less than 1 %.
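
The layering described in the abstract, sketched as an added example that is not the authors' code: reusable components turn a page into a feature vector, a linear SVM-style decision function labels it, and a single service entry point hides both from the user interface. The abstract does not list the paper's heuristics, so the four features, the weights, the bias and all function names here are assumptions, and the sample pages are constructed.

```python
import re
from urllib.parse import urlparse

# Components layer: each component maps (url, html) -> one feature value.
def f_ip_host(url, html):
    host = urlparse(url).hostname or ""
    return 1.0 if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) else 0.0

def f_no_https(url, html):
    return 0.0 if urlparse(url).scheme == "https" else 1.0

def f_password_form(url, html):
    return 1.0 if re.search(r'<input[^>]+type=["\']?password', html, re.I) else 0.0

def f_foreign_form_action(url, html):
    # Relative actions have no hostname and count as same-site.
    page_host = urlparse(url).hostname
    for action in re.findall(r'<form[^>]+action=["\']([^"\']+)', html, re.I):
        target = urlparse(action).hostname
        if target and target != page_host:
            return 1.0
    return 0.0

# Adding a heuristic means appending here and retraining; no other layer changes.
COMPONENTS = [f_ip_host, f_no_https, f_password_form, f_foreign_form_action]

def to_feature_vector(url, html):
    return [component(url, html) for component in COMPONENTS]

# Linear SVM decision function sign(w.x + b). Values are constructed, not trained.
WEIGHTS = [1.5, 0.5, 0.75, 1.5]
BIAS = -2.0

def classify(vector):
    score = sum(w * x for w, x in zip(WEIGHTS, vector)) + BIAS
    return "phishing" if score > 0 else "legitimate"

# Middleware layer: the only call the user interface layer makes.
def check_page(request):
    vector = to_feature_vector(request["url"], request["html"])
    return {"url": request["url"], "features": vector, "label": classify(vector)}

# Constructed sample requests (documentation address and example domains).
PHISH = {"url": "http://192.0.2.10/login",
         "html": '<form action="http://collector.example/p"><input type="password"></form>'}
LEGIT = {"url": "https://bank.example/login",
         "html": '<form action="/session"><input type="password"></form>'}

if __name__ == "__main__":
    for page in (PHISH, LEGIT):
        print(check_page(page))
```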

Metadata
Title: PhishTackle—a web services architecture for anti-phishing
Authors: R. Gowtham, Ilango Krishnamurthi
Publication date: 01-09-2014
Publisher: Springer US
Published in: Cluster Computing, Issue 3/2014
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-013-0320-5
