Presented By:

Shaikh Mussavir Ahemad

SGGS IE &T, Nanded

Intelligent Phishing detection & protection scheme for online

Transaction

Outline

Introduction Methodology Feature extraction & analysis Experimental procedures Conclusions & future work References Questions

Introduction

What is phishing ? Phishing basics Phishing information flow Visually similar Webpages Growth rate of phishing sites Approaches of anti phishing Objectives of Study

What is Phishing?

Definition Phishing is an act to fraudulently acquire user’s sensitive

information such as password, credit/debit card number through illegal website that look exactly like target website

Phishing basics

Visually similar website Email containing time constraint Fake https certificate Attractive offers one phishing webpage Attractive games containing link to the phishing webpage

Figure:Phishing information flow

Visually similar websites

Growth rate of phishing sites

According to UK cards association press release report:

Phishing attacks caused $21.6 million loss between January & June 2012

A growth of 28% from June 2011

Number of websites detected by APWG 63,253 /month

Growth rate of phishing sites

Number of URLs 1,75,229 Significant growth caused by huge number of phishing

websites created by criminals for financial benefits Phishing techniques are improved regularly & getting more

sophisticated

Approaches of Antiphishing

Antiphishing approaches are developed to combat the problem of phishing

The existing approaches areFeature based Content based URL blacklist based

Objectives of approach

Identify & extract phishing features based on five inputs

Develop a neuro fuzzy model Train & validate the fuzzy inference model on real time Maximizing the accuracy of performance and minimizing

false positive & operation time

Methodology

Proposed approach utilize Neuro Fuzzy with five inputs

Neuro fuzzy Five inputs

Neuro Fuzzy

Combination of fuzzy logic & neural networkNeuro fuzzy = Fuzzy logic + Neural network

Allows use of numeric & linguistic properties Allows Universal approximation with ability to use fuzzy

IF......Then rules Fuzzy logic deal with reasoning on higher level using

numerical and linguistic information from domain expert

Neural network perform well when dealing with raw data

Five Inputs

Five inputs are five tables where features are extracted and stored for references

Wholly representative of phishing attack technique and strategies

288 features are extracted from these inputsi. Legitimate site rulesii. User behavioral profileiii. Phish tankiv. User specific sitesv. Pop up from email

Five Inputs

Legitimate site rulesSummary of law covering phishing crime

User behavioral profileList of people behavior when interacting with

phishing websites Phish tank

Free community website where suspected websites are verified and voted as a phish by community experts

Five Inputs

User specific sitesContains binding information between user and online transaction service provider

Pop-Ups from EmailPop-Ups from email are general phrases used by phishers

Feature Extraction AndAnalysis

Extraction is based on the five inputs An automated wizard is used to extract features and store

in excel sheet as phishing techniques evolve with time Legitimate site rules consist of 66 extracted features Based on user behavior profile 60 features are extracted Likewise phish tank carries 72 features that are extracted by

exploring 200 phishing websites from phish tank archive

Feature Extraction AndAnalysis

Also user specific sites have 48 features extracted by consulting with bank experts & 20 legal websites

Equally pop-ups from email consist of 42 features gathered by observing pop-ups on screen

These total 288 feature also known as data This data is used to differentiate between

phishing ,legitimate and suspicious websites accurately Most frequent terms are searched by using ‘FIND’ function

Feature Extraction AndAnalysis

Consequently the terms that appear often are assigned a value from 0 to 1 that isphishing website= 1Legitimate website= 0

Suspicious website = Any number between 0 to 1 This strategy facilitate accuracy & reduces

complexity in fuzzy rules

Figure: Intelligent phishing detection system overall process diagram

Experimental Procedure

Training and testing methods 2 fold cross validation method is used to train and test the

accuracy and robustness of the proposed model Divides data into two partsi. Training is done on part Iii. Testing is done on part II Then the role of training and testing is reversed Finally the results are assembled

Conclusion And Future Work

Study presented is based on neural fuzzy scheme to detect phishing websites & protect customers performing online transactions on those sites

Using 2 fold cross validation the proposed scheme with five input offer a high accuracy in detecting phishing sites in real time

Scheme offers better performance in comparison to previously reported research

Primary contribution of this research is the framework of five input which are the most important elements of this research

Continue….

Future work is adding more feature & parameters optimization for a 100% accuracy to develop a plug in toolbar for real time application

References

1. Intelligent phishing detection and protection scheme for online transactions Original Research ArticleExpert Systems with Applications, Volume 40, Issue 11, 1 September 2013, Pages 4697-4706P.A. Barraclough, M.A. Hossain, M.A. Tahir, G. Sexton, N. Aslam

2. Intelligent phishing detection system for e-banking using fuzzy data mining Original Research ArticleExpert Systems with Applications, Volume 37, Issue 12, December 2010, Pages 7913-7921Maher Aburrous, M.A. Hossain, Keshav Dahal, Fadi Thabtah

Any Questions??Any Questions??

Thank Thank You...You...