Intelligent phishing detection and protection scheme for online transactions

► Explored the existing phishing detection and protection scheme. ► Identified more the legitimate rules and criteria for proposed scheme. ► Proposed a new Neuro-Fuzzy scheme that offered best performance, so far. Phishing is an instance of social engineering techniques used to deceive users into gi...

Full description

Saved in:
Bibliographic Details
Published in:Expert systems with applications 2013-09, Vol.40 (11), p.4697-4706
Main Authors: Barraclough, P.A., Hossain, M.A., Tahir, M.A., Sexton, G., Aslam, N.
Format: Article
Language:English
Subjects:
Applied sciences
Artificial intelligence
Biological and medical sciences
Computer information security
Computer science
control theory
systems
Connectionism. Neural networks
Exact sciences and technology
Fundamental and applied biological sciences. Psychology
Legitimate site rules
Locators
Memory and file management (including protection and security)
Memory organisation. Data processing
Neuro-Fuzzy scheme
On-line systems
Online
Online transaction
Organizations
Phishing
Psychology. Psychoanalysis. Psychiatry
Psychology. Psychophysiology
Social interactions. Communication. Group processes
Social psychology
Software
Training
Websites
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:► Explored the existing phishing detection and protection scheme. ► Identified more the legitimate rules and criteria for proposed scheme. ► Proposed a new Neuro-Fuzzy scheme that offered best performance, so far. Phishing is an instance of social engineering techniques used to deceive users into giving their sensitive information using an illegitimate website that looks and feels exactly like the target organization website. Most phishing detection approaches utilizes Uniform Resource Locator (URL) blacklists or phishing website features combined with machine learning techniques to combat phishing. Despite the existing approaches that utilize URL blacklists, they cannot generalize well with new phishing attacks due to human weakness in verifying blacklists, while the existing feature-based methods suffer high false positive rates and insufficient phishing features. As a result, this leads to an inadequacy in the online transactions. To solve this problem robustly, the proposed study introduces new inputs (Legitimate site rules, User-behavior profile, PhishTank, User-specific sites, Pop-Ups from emails) which were not considered previously in a single protection platform. The idea is to utilize a Neuro-Fuzzy Scheme with 5 inputs to detect phishing sites with high accuracy in real-time. In this study, 2-Fold cross-validation is applied for training and testing the proposed model. A total of 288 features with 5 inputs were used and has so far achieved the best performance as compared to all previously reported results in the field.
ISSN:0957-4174
1873-6793
DOI:10.1016/j.eswa.2013.02.009