An enhanced blacklist method to detect phishing websites

Abstract

Existing anti-phishing techniques like whitelist or blacklist detect the phishing sites based on the database of approved and unapproved URLs. Most of the current phishing attacks are actually replicas or variations of other attacks in the database. In this paper, we propose an enhanced blacklist method which uses key discriminate features extracted from the source code of the website for the detection of phishing websites. The main focus of our work is to detect the phishing sites which are replicas of existing websites with manipulated content. Each phishing website is identified with a unique fingerprint which is generated from the set of proposed features. We used Simhash algorithm to generate fingerprint for each website. The features used for calculating fingerprint are filenames of the request URLs (js, img, CSS, favicon), pathnames of request URLs (CSS, scripts, img, anchor links), and attribute values of tags (H1, H2, div, body, form). Our experimentation detected 84.36% of phishing sites as replicas of other phishing websites with manipulated content while maintaining zero false positive rate. The proposed method is similar to that of traditional blacklist with an advantage that it can detect replicated and manipulated phishing sites efficiently. � Springer International Publishing AG 2017.