PHISHDETECT: A Web Enabled Anti-Phishing Technique using Enhanced Heuristic Approach
No Thumbnail Available
AZEEZ, Nureni Ayofe
ILURIMI, Funmilayo Abiola
Transition from Observation to Knowledge to Intelligence
Phishing is a form of social engineering or website forgery technique whereby attackers mimic a trusted website or public organization or sending e-mails in an automated manner in order to steal sensitive information or credentials of online users. This is done in a way the user does not realize he is in a phishing environment and in turn reveals his sensitive information such as credit card information, employment details, online shopping account passwords and bank information. Phishers are still having their ways to succeed in their various nefarious activities and attacks. Different anti-phishing schemes however have emerged but phishers still find their ways around by breaking through various existing techniques. Against this backdrop, this paper aims at presenting a web enabled anti-phishing technique using enhanced heuristic approach. This technique immediately updates the blacklist if a suspicious website is confirmed as a phishing site otherwise considered legitimate and in turn update the whitelist. This novel anti-phishing eradicates the delay in updating blacklist and whitelist. Users will be able to use this web application at will to test if a site is legitimate or not. This technique was implemented using PHP programing language and Database. The results after the implementation show that there was no false negative (a phishing URL that is wrongly classified as legitimate) and one false positive (a legitimate URL wrongly classified as phishing). The rate of false positive and false negative is very low when compared with other techniques.
Heuristic, Phishing, web-enabled, blacklist, whitelist, social engineering, legitimate