Phishfort – Anti-Phishing Framework

  • Authors

    • Eric Abraham Kalloor
    • Dr Manoj Kumar Mishra
    • Prof. Joy Paulose
    2018-06-25
    https://doi.org/10.14419/ijet.v7i3.4.14673
  • Anti-Phishing, Cyber Security, Identity Theft, Phishing, Social Engineering
  • Phishing is one of the most common forms of attack used to gain unauthorized access to users’ credentials or other sensitive information. It is classified as a social engineering attack, which means it is not a technical vulnerability. The attacker exploits the human tendency to make mistakes by fooling the user into thinking that a given web page is genuine and into submitting confidential data through an embedded form, which the attacker then harvests. A phishing page is often an exact replica of the legitimate page; the only noticeable difference is the URL. Ordinary users do not pay close attention to the URL every time, and so they are exploited by the attacker. This paper suggests a login framework which can be used independently or along with a browser extension which will act as a line of defense against such phishing attacks. The semi-automated login mechanism suggested in this paper eliminates the need for the user to be alert at all times, and it also provides a personalized login screen so that the user can distinguish between a genuine and a fake login page quite easily.

     

     

  • How to Cite

    Abraham Kalloor, E., Manoj Kumar Mishra, D., & Joy Paulose, P. (2018). Phishfort – Anti-Phishing Framework. International Journal of Engineering & Technology, 7(3.4), 42-46. https://doi.org/10.14419/ijet.v7i3.4.14673