A New Heuristic Based Phishing Detection Ap- proach Utilizing Selenium Web-driver

Phishing is a nontrivial problem involving deceptive emails and webpages that trick unsuspecting users into willingly revealing their confidential information. In this paper, we focus on detecting login phishing pages, pages that contain forms with email and password fields to allow for authorization to personal/restricted content. We present the design, implementation, and evaluation of our phishing detection tool “SeleniumPhishGuard”, a novel heuristic-based approach to detect phishing login pages. First, the finest existing technologies or techniques that have used similar heuristics we will be discussed and evaluated. The methodology introduced in our paper identifies fraudulent websites by submitting incorrect credentials and analyzing the response. We have also proposed a mechanism for analyzing the responses from server against the submissions of all those credentials to determine the legitimacy of a given website. The application was implemented in python programming language by utilizing Selenium web testing library, hence “Selenium” is used in the name of our tool. To test the application, a dataset from Alexa top 500 and Phishtank was collected. All pages with login forms from the Alexa 500 and Phishtank were analyzed. The application works with any authentication technologies which are based on exchange of credentials. Our current prototype is developed for sites supporting both HTTP and HTTPS authentication and accepting email and password pair as login credential. Our algorithm is developed as a separate module which in future can be integrated with browser plug-ins through an API. We also discuss the design and evaluation of several URL analysis techniques we utilized to reduce false positives and improve the overall performance. Our experiments show that SeleniumPhishGuard is excellent at detecting login phishing forms, correctly classifying approximately 96% of login phishing pages.