Proposing a new clustering method to detect phishing websites

Phishing websites are fake ones that are developed by ill-intentioned people to imitate real and legal websites. Most of these types of web pages have high visual similarities to hustle the victims. The victims of phishing websites may give their bank accounts, passwords, credit card numbers, and other important information to the designers and owners of phishing websites. The increasing number of phishing websites has become a great challenge in e-business in general and in electronic banking speci cally. In the present study, a novel framework based on model-based clustering is introduced to ght against phishing websites. First, a model is developed out of those websites that already have been identi ed as phishing websites as well as real websites that belong to the original owners. Then each new website is compared with the model and categorized into one of the model clusters by a probability. The analyses reveal that the proposed algorithm has high accuracy.

PDF

___

[1] Shang S, Holbrook M, Kumara P, Carnot LF, Downs J. Who falls for phish?: A demographic analysis of phishing susceptibility and effectiveness of interventions. In: Proceedings of the 28th International Conference on Human Factors in Computing Systems; 2010. New York, NY, USA: ACM. pp. 373-382.
[2] Alari A, Alsaleh M, Alomar M. A model for evaluating the security and usability of e-banking platforms. Computing 2017; 99: 519-535.
[3] Safeena R, Kammani A, Date H. Assessment of Internet banking adoption: an empirical analysis. Arab J Sci Eng 2014; 39: 837-849.
[4] Yu WD, Nargundkar S, Tiruthani N. A phishing vulnerability analysis of web based systems. In: Proceedings of the 13th IEEE Symposium on Computers and Communications; 2008; Morocco. New York, NY, USA: IEEE. pp. 326-331.
[5] Moreno-Fernandez MM, Blanco F, Garaizar P, Matute H. Fishing for phishers. Improving Internet users' sensitivity to visual deception cues to prevent electronic fraud. Comput Hum Behav 2017; 69: 421-436.
[6] Ali MM, Rajamani L. Deceptive phishing detection system: from audio and text messages in instant messengers using data mining approach. In: Proceedings of the IEEE International Conference on Pattern Recognition, Informatics and Medical Engineering; 21{23 March 2012; Salem, India. New York, NY, USA: IEEE. pp. 458-463.
[7] Sohrabi MK, Akbari S. A comprehensive study on the effects of using data mining techniques to predict tie strength. Comput Hum Behav 2016; 60: 534-541.
[8] Sohrabi MK, Barforoush AA. Efficient colossal pattern mining in high dimensional datasets. Knowl-Based Syst 2012; 33: 41-52.
[9] Sohrabi MK, Barforoush AA. Parallel frequent itemset mining using systolic arrays. Knowl-Based Syst 2013; 37: 462-471.
[10] Sohrabi MK, Roshani R. Frequent pattern mining using cellular learning automata. Comput Hum Behav 2017; 68: 244-253.
[11] Sohrabi MK, Ghods V. Top-down vertical itemset mining. In: SPIE 2014 International Conference on Graphic and Image Processing; 24{26 October 2014; Beijing, China. Bellingham, WA, USA: SPIE. pp. 1-7.
[12] Sohrabi MK, Azgomi H. Parallel set similarity join on big data based on locality-sensitive hashing. Sci Comput Program 2017; 145: 1-12.
[13] Sohrabi MK, Marzooni HH. Association rule mining using new FP-linked list algorithm. Journal of Advances in Computer Research 2016; 7: 23-34.
[14] Sohrabi MK, Azgomi H. TSGV: A table-like structure based greedy method for materialized view selection in data warehouse. Turk J Electr Eng Co 2017; 25: 3175-3187.
[15] Sohrabi MK, Ghods V. Materialized view selection for a data warehouse using frequent itemset mining. Journal of Computers 2016; 11: 140-148.
[16] Ali MM, Rajmani L. APD: ARM deceptive phishing detector system phishing detection in instant messengers using data mining approach. In: Proceedings of 4th International Conference on Global Trends in Computing and Communication Systems; 2011. Berlin, Germany: Springer. pp. 490-502.
[17] Mohammad RM, Thabtah F, McCluskey L. Predicting phishing websites based on self-structuring neural network. Neural Comput Appl 2014; 25: 443-458.
[18] Rajalingam M, Alomari SA, Sumari P. Prevention of phishing attacks based on discriminative key point features of webpages. International Journal of Computer Science and Security 2012; 6: 324-332.
[19] Ramesh G, Krishnamurthi I, Kumar K. An efficacious method for detecting phishing web pages through target domain identi cation. Decis Support Syst 2014; 61: 12-22.
[20] Islam R, Abawajy J. A multi-tier phishing detection and ltering approach. J Netw Comput Appl 2013; 36: 324-335.
[21] Almomani A. Evolving fuzzy neural network for phishing emails detection. J Comput Sci 2012; 8: 1099-1107.
[22] Wei W, Li J, Cao L, Ou J, Chen J. Effective detection of sophisticated online banking fraud on extremely imbalanced data. World Wide Web 2013; 16: 449-475.
[23] Ajlouni M, Hadi W, Alwedyan J. Detecting phishing websites using associative classi cation. Journal of Information Engineering and Applications 2013; 5: 1899-1905.
[24] Abdelhamid N, Ayesh A, Thabtah F. Phishing detection based on associative classi cation data mining. Expert Syst Appl 2014; 41: 5948-5959.
[25] Khonji M, Iraqi Y. Phishing detection: a literature survey. IEEE Commun Surv Tut 2013; 15: 24-40.
[26] Khorshed T, Ali A, Wasimi SA. A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener Comp Sy 2012; 28: 833-851.
[27] Va SL, Vijaya MS. Efficient prediction of phishing websites using supervised learning algorithms. Procedia Engineering 2012; 30: 798-805.