Surf your online banking webpages with high reliability!

PhishDetector is a powerful extension which detects phishing attacks in online banking web sites. It is a rule-based system that analyses the webpage content to identify phishing attacks. PhishDetector has the ability to detect online banking phishing scams quickly with zero false negative alarm. For accurate result, it is recommended to use this extension for your online banking web pages only.


Try it for free from Chrome Store
ChromeWebStore-PhishDetector

System Overview

Over the past few years, following the growth of communication networks, internet as the biggest has been widespread popular. Using anonymity provided by the internet, hustlers set out to deceive people with false offers and make themselves look legitimate in this medium [1]. Today, financial crimes are transformed from direct attacks into indirect attacks. phishing is a kind of electronic identity theft in which a combination of social engineering and fake website creating methods is used to deceive user to disclose his/her confidential and invaluable details [2].

With increased terminals for access to information, online banking creates the need for using reliable methods in order to control and use confidential and vital information. To date, different approaches have been provided for detecting such attacks, but most of them can't detect such attacks accuracy.

We present a new rule-based method for detecting phishing attacks in online banking by classifying web pages into Phishing and Legitimate. Our method performs the web page classification by employing the main characteristics that distinguishing the fake websites from a legitimate. Our new technique has implemented in the form of an extension for chrome browser.

Our method has more functionality such as :


  • High accuracy
  • Low false alarm
  • Fast phishing detection
  • Easy to use
  • Easy customization
  • ...

Implementation

In order to present a cross-browser detection system with more functionality, we decided to implement our rule-based method as a web API. With this strategy, we can build, deploy, and manage our phishing detection system from one source on various browsers. To classify web pages quickly, we need an Inference Engine with high availability APIs with the ability of making secure communication with the extension. We created our rule-based Inference Engine as a RESTful web API and we placed it on the cloud environment behind load balancers.

In this case, we implement a Chrome extension to extract required webpage features and communicate with the Inference Engine to classify the webpage. We developed our extension as a content script in order to interact with the webpage content. Content scripts are JavaScript files that run in the context of web pages [3]. It provides us to access the standard webpage DOM. Therefore, we can analyze webpage DOM and extract corresponding features as fast as possible. Content scripts execute in a special environment called an isolated world [3]. They have access to the DOM of the page they are injected into, but not to any JavaScript variables or functions created by the page [3].

Implementation

Phishing detection result appears as soon as PhishDetector Inference Engine (PDIE) classifies the webpage. PhishDetector can identify online banking phishing pages with high accuracy.

Usage

At runtime when the user calls our extension by clicking on its icon, our system tries to extract all features as described in related paper. These features extracted from the current webpage URL and content. Then, based on the extracted values and the rules contained in the knowledgebase of our system, the webpage is classified. The result will be shown to the user in the browser output through a popup window, which contains more detail about the inference result. When the system detects the current page as a legitimate webpage, it warns the user to enter his/her information with caution if necessary. For more details, it shows the domain of the webpage too. However, when the system detects a page as a phishing webpage, it shows a popup page that recommend to close the page immediately and do not browse its content


Screenshot
Screenshot
Screenshot

Try it for free from Chrome Store
ChromeWebStore-PhishDetector

Runtime analysis

For the runtime performance evaluation of implemented extension, we use a desktop computer with a 2.0GHz Core2Due processor and 2GB RAM. We evaluate the runtime performance with some phishing and legitimate webpages, which selected from our dataset randomly. In worst-case scenario, we got 50ms and near to 12.7ms on average delay until features extracted from a webpage. Total execution time of our extension on various webpages shows that it can extract features and classify the webpage based on features vector at 1,500ms ~ 4,800ms, which is relatively acceptable.

Dataset

To classify webpages based on features vector, it is necessary to train the system on real data. Our dataset obtained from two different sources: Legitimate webpages collected from Yahoo directory service and phishing webpages collected from PhishTank. Our phishing webpage collection focused on online banking web sites. We generated three datasets using stratified sampling with unique online banking phishing and legitimate webpages:


  • Dataset1: includes 1158 phishing and 549 legitimate webpages.
  • Dataset2: includes 290 phishing and 137 legitimate webpages.
  • Dataset3: includes 103 phishing and 73 legitimate webpages.

Publications

  • M. Moghimi, A.Yazdian, "Designing a Rule-Based Model Using SVM and Decision Tree to Detect Phishing Attacks in Internet Banking", 19th Computer Society of Iran Computer Conference CSICC2014, Tehran, Sh. Beheshti University, Published in Persian on February 2014 .
  • M. Moghimi, A.Yazdian, "New Rule-Based Phishing Detection Method", Expert Systems with Applications (2016), doi: 10.1016/j.eswa.2016.01.028.

References

  • [1]  Arun, S., Anandan, D., Selvaprabhu, T., Sivakumar, B., Revathi, P., & Shine, T. (2012, May). Detecting Phishing Attacks In Purchasing Process Through Proactive Approach. Advanced Computing: An International Journal ( ACIJ ), 3(3), 81-93.[pdf]
  • [2]  Aburrous, M., Hossain, M. A., & Dahal, K. (2010). Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies. Cognitive Computation, 2(3), 242-253. doi: 10.1007/s12559-010-9042-7.
  • [3]  Google, (2014). Content Scripts. Retrieved from Google Chrome Developers: https://developer.chrome.com/ extensions/content_scripts.