Abstract
In modern era, Web-based applications and services have changed the landscape of information delivery and exchange in today’s corporate, government and educational arenas. An increase in the usage of web applications is directly related to the number of security threats for them. The threats leveraged through vulnerabilities, that leads to creating an attack in web applications and it will be create severe damage in online transactions. Among the various types of the website attack, phishing attack is the most common and well-known type in web application. Phishing is a cyber crime activity performed to acquire user’s sensitive information such as passwords and credit card, social security, and bank account details by masquerading as a trustworthy entity in an electronic communication. This kind of threat is famous in online payment web sites, online auction and online backing web sites. In this paper we have proposed a novel approach to detect the phishing web sites by passing the user requested website address to the Google Application Programming Interface (API) to intercepting most relevance URLs (Uniform Resource Locater). The intercepted URLs are used to constructing a parse tree with the root node of requested URL. The constructed parse tree will be employed to validate the requested web site address. Identification of the phishing web site is implemented through independent web services. Our approach in a web application is independent module and it doesn’t demand any change in application.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anti phishing working group (APWG): Global Phishing Survey- Trends and Domain Name Use in 1H2009. International Journal (2010)
Bargadiya, M., Chaudhari, V.: Anti-Phishing Design Using Mutual Authentication Approach. PG Research Group, IT-Department, RGPV Technocrats Institute of Technology (TIT), Bhopal (M.P.) INDIA (2010)
Xiang, G., Hong, J.I.: A Hybrid Phish Detection Approach by Identity Discovery and Keywords Retrieval. In: Proceedings of the 18th International Conference on World Wide Web (2009)
Xiang, G., Hong, J., Cranor, L., Rose, C.P.: Cantina+ A Feature-rich Machine Learning Framework for Detecting Phishing Web Sites. ACM Transactions on Information and System Security (TISSEC) 14(2) (2011)
Yearwood, J.: Profiling Phishing Emails Based on Hyperlink Information. Graduate School of ITMS, University of Ballarat, Vic, Australia (2010)
Fu, Y., Wenyin, L., Deng, X.: EMD based Visual Similarity for Detection of Phishing Webpages. Dept. of Computer Science, City University of Hong Kong (2006)
Wardman, B., Skukla, G., Warner, G.: Identifying Vulnerable Websites by Analysis of Common Strings in Phishing URLs. Computer Forensics Lab University of Alabama at Birmingham (2009)
Chen, J., Guo, C.: Online Detection and Prevention of Phishing Attacks. Institute of Communications Engineering, Nanjing (2006)
APWG: Issues in Using DNS Who is Data for Phishing Site Take Down (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shanmughaneethi, V., Abraham, R., Swamynathan, S. (2012). A Robust Defense Mechanism to Prevent Phishing Attack Using Parse Tree Validation. In: Thilagam, P.S., Pais, A.R., Chandrasekaran, K., Balakrishnan, N. (eds) Advanced Computing, Networking and Security. ADCONS 2011. Lecture Notes in Computer Science, vol 7135. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29280-4_64
Download citation
DOI: https://doi.org/10.1007/978-3-642-29280-4_64
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29279-8
Online ISBN: 978-3-642-29280-4
eBook Packages: Computer ScienceComputer Science (R0)