Detection of E-Banking Phishing Websites
Abstract
Phishing is a new type of network attack in which the attacker creates a replica of an existing web page to fool users into submitting personal, financial, or password data to what they think is their service provider's website. The concept is an end-host based anti-phishing algorithm, called Link Guard, which utilizes the generic characteristics of the hyperlinks in phishing attacks. The Link Guard algorithm finds the phishing emails sent by the phisher to grasp the information of the end user. Link Guard is based on careful analysis of the characteristics of phishing hyperlinks. The Link Guard algorithm is implemented for each end user. The end user can then recognize phishing emails and avoid responding to such mails. Since Link Guard is characteristics-based, it can detect and prevent not only known phishing attacks but also unknown ones. The project uses Java technologies and Oracle.

Keywords: Phishing, Fuzzy Logic, Data Mining, Classification, Association, e-banking risk assessment

I. INTRODUCTION

Phishing is a new word produced from 'fishing'. It refers to the act in which the attacker lures users to visit a faked Web site by sending them faked e-mails (or instant messages), and stealthily gets the victim's personal information such as user name, password, and national security ID. This information can then be used for future targeted advertisements or even identity theft attacks (e.g., transferring money from the victim's bank account). The most frequently used attack method is to send e-mails to potential victims that appear to be sent by banks, online organizations, or ISPs. In these e-mails, the attackers make up some cause, e.g. the password of your credit card has been mis-entered many times, or they are providing upgrade services, to lure you to visit their Web site and confirm or modify your account number and password through the hyperlink provided in the e-mail. If you input the account number and password, the attackers successfully collect the information at the server side and are able to perform their next-step actions with that information (e.g., withdraw money from your account).

Phishing itself is not a new concept, but it has been increasingly used by phishers to steal user information and perform business crime in recent years. Within one to two years, the number of phishing attacks increased dramatically. Our analysis identifies that phishing hyperlinks share one or more of the characteristics listed below:

1) The visual link and the actual link are not the same;
2) The attackers often use a dotted decimal IP address instead of a DNS name;
3) Special tricks are used to encode the hyperlinks maliciously;
4) The attackers often use fake DNS names that are similar (but not identical) to the target Web site.

We then propose an end-host based anti-phishing algorithm, which we call Link Guard, based on the characteristics of the phishing hyperlink. Since Link Guard is character-based, it can detect and prevent not only known phishing attacks but also unknown ones. We have implemented Link Guard in Windows XP, and our experiments indicate that Link Guard is lightweight in that it consumes very little memory and few CPU cycles and, most importantly, it is very effective in detecting phishing attacks with minimal false negatives.

The paper is organized as follows: Section 2 presents the literature review and related work. Section 3 presents the existing anti-phishing approaches. Section 4 introduces the system design and implementation of the Link Guard approach. Conclusions and future work are given in Section 5.

II. LITERATURE REVIEW AND RELATED
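The four hyperlink characteristics listed in the introduction can be expressed as checks over one hyperlink's anchor text and target. The sketch below is an added example, not code from the paper or from Link Guard; the host names, the allow-list, the edit-distance threshold of 2, and the reading of "encoding tricks" as percent-encoding or a user@host authority are all assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed allow-list of legitimate hosts (placeholder names, an assumption).
KNOWN_HOSTS = {"www.examplebank.com", "secure.examplebank.com"}
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

def host_of(url):
    """Lower-cased host part of a URL or bare host name."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss host names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_ip(host):
    """True when the host is a literal IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_link(visual_text, actual_url):
    """Return which of the four characteristics one hyperlink shows."""
    findings = []
    visual = visual_text.strip()
    host = host_of(actual_url)
    netloc = urlsplit(actual_url).netloc
    # 1) The anchor text names one host, the href points to another.
    if URL_LIKE.match(visual) and host_of(visual) != host:
        findings.append("visual_mismatch")
    # 2) Literal IP address instead of a DNS name.
    if is_ip(host):
        findings.append("ip_address")
    # 3) Encoding tricks (assumed: percent-encoding or user@host in the authority).
    if "%" in netloc or "@" in netloc:
        findings.append("encoded_link")
    # 4) DNS name similar, but not identical, to a known host (threshold assumed).
    if host and not is_ip(host) and host not in KNOWN_HOSTS:
        if min(edit_distance(host, k) for k in KNOWN_HOSTS) <= 2:
            findings.append("lookalike_domain")
    return findings
```

An empty list means none of the four characteristics matched; it does not establish that the link is legitimate.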
Similar resources
Intelligent Detection System for e-banking Phishing websites using Fuzzy Data Mining
Detecting and identifying e-banking Phishing websites is really a complex and dynamic problem involving many factors and criteria. Because of the subjective considerations and the ambiguities involved in the detection, Fuzzy Data Mining Techniques can be an effective tool in assessing and identifying e-banking phishing websites since it offers a more natural way of dealing with quality factors ...
Detecting Fake Websites Using Swarm Intelligence Mechanism in Human Learning
The internet and its various services have made it easy for users to communicate with each other. Internet benefits include online business and e-commerce. E-commerce has boosted online sales and online auction types. Despite their many uses and benefits, the internet and its services have various challenges, such as information theft, which challenges the use of these services. Information thef...
Detection of Phishing Websites using URL and terms in the Webpage
Phishing is the combination of social engineering and technical exploits used to convince a victim to provide their personal information, usually for financial gains [10]. Phishing has become the most popular practice among cyber criminals due to which they are becoming more frequent and more sophisticated. The impact of phishing is drastic and significant since it involves the risk of identity...
Phishing Detection in IMs using Domain Ontology and CBA - An innovative Rule Generation Approach
User ignorance towards the use of communication services like Instant Messengers, emails, websites, social networks etc. is becoming the biggest advantage for phishers. It is required to create technical awareness in users by educating them to create a phishing detection application which would generate phishing alerts for the user so that phishing messages are not ignored. The lack of basic se...
A Framework for Predicting Phishing Websites using Neural Networks
In India many people are now dependent on online banking. This raises security concerns as the banking websites are forged and fraud can be committed by identity theft. These forged websites are called phishing websites and are created by malicious people to mimic web pages of real websites and attempt to defraud people of their personal information. Detecting and identifying phishing websit...
Phishing website detection using weighted feature line embedding
The aim of phishing is tracing the users' private information without their permission by designing a new website which mimics the trusted website. The specialists of information technology do not agree on a unique definition for the discriminative features that characterize the phishing websites. Therefore, the number of reliable training samples in phishing detection problems is limited. M...
Publication date: 2012