PhishDetector is a powerful extension which detects phishing attacks in online banking web sites. It is a rule-based system that analyses the webpage content to identify phishing attacks. PhishDetector has the ability to detect online banking phishing scams quickly with zero false negative alarm. For accurate result, it is recommended to use this extension for your online banking web pages only.
Over the past few years, following the growth of communication networks, internet as the biggest has been widespread popular. Using anonymity provided by the internet, hustlers set out to deceive people with false offers and make themselves look legitimate in this medium . Today, financial crimes are transformed from direct attacks into indirect attacks. phishing is a kind of electronic identity theft in which a combination of social engineering and fake website creating methods is used to deceive user to disclose his/her confidential and invaluable details .
With increased terminals for access to information, online banking creates the need for using reliable methods in order to control and use confidential and vital information. To date, different approaches have been provided for detecting such attacks, but most of them can't detect such attacks accuracy.
We present a new rule-based method for detecting phishing attacks in online banking by classifying web pages into Phishing and Legitimate. Our method performs the web page classification by employing the main characteristics that distinguishing the fake websites from a legitimate. Our new technique has implemented in the form of an extension for chrome browser.
Our method has more functionality such as :
In order to present a cross-browser detection system with more functionality, we decided to implement our rule-based method as a web API. With this strategy, we can build, deploy, and manage our phishing detection system from one source on various browsers. To classify web pages quickly, we need an Inference Engine with high availability APIs with the ability of making secure communication with the extension. We created our rule-based Inference Engine as a RESTful web API and we placed it on the cloud environment behind load balancers.
Phishing detection result appears as soon as PhishDetector Inference Engine (PDIE) classifies the webpage. PhishDetector can identify online banking phishing pages with high accuracy.
At runtime when the user calls our extension by clicking on its icon, our system tries to extract all features as described in related paper. These features extracted from the current webpage URL and content. Then, based on the extracted values and the rules contained in the knowledgebase of our system, the webpage is classified. The result will be shown to the user in the browser output through a popup window, which contains more detail about the inference result. When the system detects the current page as a legitimate webpage, it warns the user to enter his/her information with caution if necessary. For more details, it shows the domain of the webpage too. However, when the system detects a page as a phishing webpage, it shows a popup page that recommend to close the page immediately and do not browse its content
For the runtime performance evaluation of implemented extension, we use a desktop computer with a 2.0GHz Core2Due processor and 2GB RAM. We evaluate the runtime performance with some phishing and legitimate webpages, which selected from our dataset randomly. In worst-case scenario, we got 50ms and near to 12.7ms on average delay until features extracted from a webpage. Total execution time of our extension on various webpages shows that it can extract features and classify the webpage based on features vector at 1,500ms ~ 4,800ms, which is relatively acceptable.
To classify webpages based on features vector, it is necessary to train the system on real data. Our dataset obtained from two different sources: Legitimate webpages collected from Yahoo directory service and phishing webpages collected from PhishTank. Our phishing webpage collection focused on online banking web sites. We generated three datasets using stratified sampling with unique online banking phishing and legitimate webpages: