PHISHDETECT: A Web Enabled Anti-Phishing Technique using Enhanced Heuristic Approach
No Thumbnail Available
Date
2016-08-25
Authors
OKUNOYE, Babatunde
AZEEZ, Nureni Ayofe
ILURIMI, Funmilayo Abiola
Journal Title
Journal ISSN
Volume Title
Publisher
Transition from Observation to Knowledge to Intelligence
Abstract
Phishing is a form of social engineering or website forgery technique
whereby attackers mimic a trusted website or public organization or sending e-mails in
an automated manner in order to steal sensitive information or credentials of online
users. This is done in a way the user does not realize he is in a phishing environment
and in turn reveals his sensitive information such as credit card information,
employment details, online shopping account passwords and bank information.
Phishers are still having their ways to succeed in their various nefarious activities and
attacks. Different anti-phishing schemes however have emerged but phishers still find
their ways around by breaking through various existing techniques. Against this
backdrop, this paper aims at presenting a web enabled anti-phishing technique using
enhanced heuristic approach. This technique immediately updates the blacklist if a
suspicious website is confirmed as a phishing site otherwise considered legitimate and
in turn update the whitelist. This novel anti-phishing eradicates the delay in updating
blacklist and whitelist. Users will be able to use this web application at will to test if a
site is legitimate or not. This technique was implemented using PHP programing
language and Database. The results after the implementation show that there was no
false negative (a phishing URL that is wrongly classified as legitimate) and one false
positive (a legitimate URL wrongly classified as phishing). The rate of false positive
and false negative is very low when compared with other techniques.
Description
Keywords
Heuristic, Phishing, web-enabled, blacklist, whitelist, social engineering, legitimate