An efficacious method for detecting phishing webpages through target domain identification

Bibliographic Details
Published in: Decision Support Systems 2014-05, Vol.61, p.12-22
Main Authors: Ramesh, Gowtham, Krishnamurthi, Ilango, Kumar, K. Sampath Sree
Format: Article
Language: English
Description
Summary: Phishing is a fraudulent act to acquire sensitive information from unsuspecting users by masking as a trustworthy entity in an electronic commerce. Several mechanisms such as spoofed e-mails, DNS spoofing and chat rooms which contain links to phishing websites are used to trick the victims. Though there are many existing anti-phishing solutions, phishers continue to lure the victims. In this paper, we present a novel approach that not only overcomes many of the difficulties in detecting phishing websites but also identifies the phishing target that is being mimicked. We have proposed an anti-phishing technique that groups the domains from hyperlinks having direct or indirect association with the given suspicious webpage. The domains gathered from the directly associated webpages are compared with the domains gathered from the indirectly associated webpages to arrive at a target domain set. On applying Target Identification (TID) algorithm on this set, we zero-in the target domain. We then perform third-party DNS lookup of the suspicious domain and the target domain and on comparison we identify the legitimacy of the suspicious page.

• A novel approach to detect the phishing webpage by identifying its target
• The Target Identification (TID) algorithm is designed to identify the phishing target.
• Identified target domain and the suspicious page domain are checked to find legitimacy of the page.
• We identified phishing targets of the webpages with over 99% of accuracy.

ISSN: 0167-9236, 1873-5797
DOI: 10.1016/j.dss.2014.01.002