An Anti-Web Phishing Application for Analyzing the Security of Websites

Nowadays, one of the major internet security problems being faced is ‘Web Phishing’, whereby attackers get hold of the personal and sensitive information of the internet users. Sometimes, attackers create fake web pages just to mislead users and give them wrong information. With the increase of more and more sophisticated attacks like Whale Phishing, Spear Phishing, and Ransomware among others, internet users easily fall in attackers’ traps. Most web browsers are not able to counteract or block these attacks and hence internet users consider the spoofed webpages to be legitimate ones and end up giving their details like credit cards details, passwords and usernames among others. In this paper, an application has been developed in Java that performs several tests on a URL, on the different hyperlinks present on the web page and on the content of the web page and provides a security rating to the internet user. Together with the percentage security, the user is informed if the web page is safe, doubtful or unsafe. The security ratings of several website domains such as, .gov, .co, .edu, .info, .mu, .ac, .org, .net, .com were also analysed. Furthermore, tests using independent samples ANOVA and Tukey HSD were performed and they revealed that there was a significant difference between the security ratings of the websites.

PDF

___

Aaron G. and Rasmussen R., Global Phishing Survey: Trends and Domain Name Use in 2016, pp. 5, 2017.
Chelliah G. A and Aruna S., Preventing Phishing Attacks Using Anti-Phishng Prevention Technique, International Journal of Engineering Development and Research, pp. 60- 63, 2014.
Khan A. A., Preventing Phishing Attacks using One Time Password and User Machine Identification, International Journal of Computer Application, vol. 68, no. 3, pp. 7-11, 2013.
Avast Support. 2018. Avast Online Security browser extension – Getting Started | Official Avast Support. [Online] Available at: https://support.avast.com/en-au/article/18/ [Accessed 23 November 2017]
Safe Browsing – Google Safe Browsing. 2018. [Online] Available at: https://safebrowsing.google.com/ [Accessed 9 January 2018]
Kirda E. and Krugel C., Protecting Users Against Phishing Attacks, The Computer Journal, vol. 00, no. 0, pp. 1-8, 2005.
Naresh U., Sagar U. V. and Reddy C. V. M, Intelligent Phishing Website Detection and Prevention System by Using Link Guard Algorithm, IOSR Journal of Computer Engineering (IOSR-JCE), vol. 14, no. 3, pp. 28-36, 2013.
WOT Services Ltd.,2018. Web of Trust (WOT) – Crowdsourced web safety | WOT (Web of Trust). [Online] Available at: https://www.mywot.com/en/aboutus [Accessed 10 September 2017]
TrustWatch – WEB SITE VERIFICATION SERVICE. [Online] Available at: https://www.trustico.co.in/material/DS_TrustWatch.pdf [Accessed 29 October 2017]
Jain A. K. and Gupta B. B., Phishing Detection: Analysis of Visual Similarity Based Approaches, Security and Communication Networks, vol. 2017, pp. 1-20, 2017
Wanawe K., Awasare S. and Puri N. V., An Efficient Approach to Detecting Phising A Web Using K-Means and Naïve- Bayes Algorithms, International Journal of Research in Advent Technology, vol. 2, no. 3, pp. 106-111, 2014
Alkhozae M. G. and Batarfi O. A., Phishing Websites Detection based on Phishing Characteristics in the Webpage Source Code, International Journal of Information and Communication Technology Research, vol. 1, no. 6, pp. 283-291, 2011
The State of Security. 6 Common Phishing Attacks and How to Protect Against Them, 2018. [Online] Available at: https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/ [Accessed 8 April 2018]
Ho G., Sharma A., Javed M., Paxson V. and Wagner D., Detectimg Credential Spearphishing Attacks in Enterprise Settings, usenix, pp. 469-484, 2017.
The State of Security. 6 Common Phishing Attacks and How to Protect Against Them, 2018. [Online] Available at: https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/ [Accessed 8 April 2018]
Chaudhry J. A, Chaudry S. A. and Rittenhouse R. G., Phishing Attacks and Defences. International Journal of Security and its Application, vol. 10, no. 1, pp. 247-256, 2016.
Tracking Protection | Firefox Help. 2018. Tracking Protection | Firefox Help. [Online] Available at: https://support.mozilla.org/en-US/kb/tracking-protection [Accessed 3 January 2018]
Lane D. M., Analysis of Variance. Online Statistics Education B. pp. 517-598
Sun T, Spam Filtering based on Naïve Bayes Classification, pp. 1-42, 2009
Heron E., Analysis of Variance – ANOVA, 2009. [Online] Available at: https://www.tcd.ie/medicine/neuropsychiatric-genetics/assets/pdf/2009_3_ANOVA.pdf [Accessed 9 December 2017]
Analysis of Variance (ANOVA) [Online] Available at: https://www.calvin.edu/~scofield/courses/m143/materials/handouts/anova1And2.pdf [Accessed 15 December 2017]
Rami M. Mohammad, Fadi Thabtah and Lee McCluskey, “Intelligent rule-based phishing websites classification”, IET Information Security Volume: 8, Issue: 3, pp. 153 – 160, May 2014, DOI: 10.1049/iet-ifs.2013.0202.
Yasin Sönmez, Türker Tuncer and Hüseyin Gökal, “Phishing web sites features classification based on extreme learning machine”, 6th IEEE International Symposium on Digital Forensic and Security (ISDFS), 22-25 March 2018, Antalya, Turkey, DOI: 10.1109/ISDFS.2018.8355342.