Article Details

An Analysis Upon Various Measurements For Detection and Prevention of Phishing Attack |

Ashish Gupta, in International Journal of Information Technology and Management | IT & Management


Phishing is form of identity theftthat combines social engineering techniques and sophisticated attack vectors toharvest financial information from unsuspecting consumers. Often a phishertries to lure her victim into clicking a URL pointing to a rogue page. In thispaper, we focus on studying the structure of URLs employed in various phishingattacks. We find that it is oftenpossible to tell whether or not a URL belongs to a phishing attack withoutrequiring any knowledge of the corresponding page data. We describe severalfeatures that can be used to distinguish a phishing URL from a benign one. Thesefeatures are used to model a logistic regression filter that is efficient andhas a high accuracy. We use this filter to perform thorough measurements onseveral million URLs and quantify the prevalence of phishing on the Internettoday. Phishing is a type ofcyber-attack where the attacker creates a replica of an existing web page withan aim to acquire information such as usernames, passwords and credit carddetails of the users by fooling them into submitting personal data to what theythink is their service provider’s website. In this work, we present, a novel,algorithm to detect phishing web sites, based on the characteristics of thehyperlinks used in the phishing attacks and the content in the website.