Conference Papers

Permanent URI for this collectionhttps://idr.nitk.ac.in/handle/123456789/28506

Browse

Filters

2017 - 201922020 - 20231

Settings

Author: search.filters.author.Rao, R.S.Subject: search.filters.subject.Phishing

Search Results

Now showing 1 - 3 of 3
  • No Thumbnail Available
    Item
    An enhanced blacklist method to detect phishing websites
    (Springer Verlag service@springer.de, 2017) Rao, R.S.; Pais, A.R.
    Existing anti-phishing techniques like whitelist or blacklist detect the phishing sites based on the database of approved and unapproved URLs. Most of the current phishing attacks are actually replicas or variations of other attacks in the database. In this paper, we propose an enhanced blacklist method which uses key discriminate features extracted from the source code of the website for the detection of phishing websites. The main focus of our work is to detect the phishing sites which are replicas of existing websites with manipulated content. Each phishing website is identified with a unique fingerprint which is generated from the set of proposed features. We used Simhash algorithm to generate fingerprint for each website. The features used for calculating fingerprint are filenames of the request URLs (js, img, CSS, favicon), pathnames of request URLs (CSS, scripts, img, anchor links), and attribute values of tags (H1, H2, div, body, form). Our experimentation detected 84.36% of phishing sites as replicas of other phishing websites with manipulated content while maintaining zero false positive rate. The proposed method is similar to that of traditional blacklist with an advantage that it can detect replicated and manipulated phishing sites efficiently. © Springer International Publishing AG 2017.
  • No Thumbnail Available
    Item
    Detecting phishing websites using automation of human behavior
    (Association for Computing Machinery, Inc acmhelp@acm.org, 2017) Rao, R.S.; Pais, A.R.
    In this paper, we propose a technique to detect phishing attacks based on behavior of human when exposed to fake website. Some online users submit fake credentials to the login page before submitting their actual credentials. He/She observes the login status of the resulting page to check whether the website is fake or legitimate. We automate the same behavior with our application (FeedPhish) which feeds fake values into login page. If the web page logs in successfully, it is classified as phishing otherwise it undergoes further heuristic filtering. If the suspicious site passes through all heuristic filters then the website is classified as a legitimate site. As per the experimentation results, our application has achieved a true positive rate of 97.61%, true negative rate of 94.37% and overall accuracy of 96.38%. Our application neither demands third party services nor prior knowledge like web history, whitelist or blacklist of URLS. It is able to detect not only zero-day phishing attacks but also detects phishing sites which are hosted on compromised domains. © 2017 Copyright held by the owner/author(s).
  • No Thumbnail Available
    Item
    Machine Learning-Based Technique for Phishing URLs Detection from TLS 1.2 and TLS 1.3 Traffic Without Decryption
    (Springer Science and Business Media Deutschland GmbH, 2023) Kumar, M.; Pais, A.R.; Rao, R.S.
    Phishing is one of the major leading cyberattack leading to huge financial loss and sensitive information loss such as account information, card details, password, login credentials. Existing techniques for phishing URL detection are unable to efficiently classify them. The use of TLS 1.2 and TLS 1.3 for client/server applications to communicate over the Internet securely has also contributed to the increase in these attacks. TLS 1.2 and TLS 1.3 traffic is encrypted, so detecting phishing URLs from encrypted traffic without decryption is a challenging task. In this paper, a machine learning (ML)-based technique is proposed for the detection of phishing URLs from encrypted traffic. The features are extracted from TLS 1.2 and TLS 1.3 traffic and based on the extracted features URLs are classified using ML algorithms. The dataset has been prepared for legitimate and phishing sites based on the features extracted from TLS 1.2 and TLS 1.3 traffic. Based on the experimental results, it is observed that the proposed model achieved promising results in the detection of phishing URLs from the encrypted traffic with an accuracy of 89.6%. © 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.