Phish Indicator: An Indication for Phishing Sites

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 325)

Abstract

Phishing is a simple social engineering technique that functions by creating a fake Web site, often imitating a legitimate site. Despite many anti-phishing tools are developed, the phishing attacks are still a drift of trust in Internet security. In this paper, the indicator acts as an enhancement toward the usability of the cyber trust mechanisms. Here, the phish indicator is developed as a browser extension, which will detect and classify the URL as phishing or genuine site. The classification of the URL visited by the user is done using Levenshtein algorithm and some heuristic criterions. It will alert the user with a message of whether the URL visited is a phishing site or a genuine site. Thus, the indication will help whenever the user attempts to give away his information to a Web site that is considered untrusted.

Keywords

Phishing Trust indicators Whitelist Browser extension 

References

  1. 1.
    H.-J. Hof, Towards enhanced usability of it security mechanisms-how to design usable it security mechanisms using the example of email encryption, Int. J. Adv. Secur 6(1&2), 78–87 (2013)Google Scholar
  2. 2.
    M. Abramson, D.W. Aha, What’s in a URL?Genre Classification from URLs, in Association for the Advancement of Artificial Intelligence (2012)Google Scholar
  3. 3.
    L. Cranor, S. Egelman, J. Hong, Y. Zhang, Phinding Phish: An evaluation of anti-Phishing toolbars (2009)Google Scholar
  4. 4.
    A. Jain, V. Richariya, Implementing a web browser with phishing detection techniques. World Comp. Sci. Inf. Technol. J. (WCSIT) ISSN: 2221-0741 1(7), 289–291 (2011)Google Scholar
  5. 5.
    H. Shahriar, M. Zulkernine, Phish tester: automatic of testing phishing attacks in secure software integration and reliability improvement (SSIRI) (IEEE CS Press, Singapore, 2010), pp. 198–207Google Scholar
  6. 6.
    P. Prakash, M. Kumar, R.R. Kompella, M. Gupta, PhishNet: Predictive blacklisting to detect phishing attacks (2009) INFOCOM, in Proceedings IEEE, 14–19 March 2010, pp. 1–5Google Scholar
  7. 7.
    Y. Cao, W. Han, Y. Le, Anti-phishing based on automated individual white-list (2008)Google Scholar
  8. 8.
    V.P. Reddy, V. Radha, M. Jindal, Client side protection from phishing attack, Int. J. Adv. Eng. Sci. Technol.(IJAEST) 3, 39–45 (2011)Google Scholar
  9. 9.
    A. Barth, A.P. Felt, P. Saxena, A. Boodman, Protecting Browsers from Extension 208 Vulnerabilities (2010)Google Scholar
  10. 10.
    S. Gastellier-Prevost, G.G. Granadillo, M. Laurent, Decisive heuristics to differentiate legitimate from phishing sites (2010)Google Scholar
  11. 11.
    D.K. McGrath, M. Gupta, Behind phishing: an examination of phisher modi operandi, in Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats (2008), p. 4Google Scholar

Copyright information

© Springer India 2015

Authors and Affiliations

  1. 1.TIFAC CORE in Cyber SecurityAmrita Vishwa VidyapeethamCoimbatoreIndia

Personalised recommendations