Abstract
In today’s cyber era, Internet of Things (IoT) based products are increasingly adopted by users for various purposes. Accesses to these systems are facilitated via a web application to the end user. Traditionally, Phishing attacks were targeted toward banking and financial systems. With the rise in usage of IoT, the attack surface increases. Along with IoT specific attacks, attackers are targeting users with Phishing to steal passwords in order to gain access to IoT devices like security cameras. Phishing is an online attack that has been around for more than two decades. Though there are advanced prevention and detection mechanisms designed and developed by researchers and organizations, statistics show that Phishing has been on the rise. Often, there is a monetary incentive for the bad actor that carries out a phishing attack. This motivates attackers to advance their evasion mechanisms and maintain the status quo as a race between detection and evasion. A methodology Phish-Sec was introduced which paves a way to counter Phishing attacks in a pro-active manner by aggregating signatures of legitimate websites at the source. Phish-Sec involves determining uniqueness across ‘n’ websites. This manuscript provides the mathematical solution using intersection to determine the uniqueness of a visited web page. Iterative intersection is incorporated with Phish-sec to facilitate poison avoidance in its back-end system. By this, Phish-Sec can be expanded to a variety of applications, including non-financial based systems like IoT. It is proved that the overall efficiency of Phish-Sec increases along with its expansion capabilities. The true positive achieved by phish-sec is 99.15% which is 0.15% higher.
Similar content being viewed by others
References
Nirmal K, Janet B, Kumar R (2015) Phishing - the threat that still exists, 2015 International Conference on Computing and Communications Technologies (ICCCT), Chennai, pp. 139-143. PhishTank: an anti-phishing site, LLC OpenDNS, San Francisco, CA, USA
Anti-Phishing Working Group. [Online]. Available: http://www.antiphishing.org. Accessed 20 Mar 2020
Tweneboah-Koduah S, Skouby KE, Tadayoni R (2017) Cyber security threats to IoT applications and service domains. Wirel Pers Commun 95:169–185. https://doi.org/10.1007/s11277-017-4434-6
Matuszak G, Bell G, Le D (2015). Security and the IoT ecosystem. KPMG, December 2015, 132631–G
Quashie Azasoo J, Tweneboah-Koduah S (2016). Cybersecurity architecture in smart metering systems. In smart living and privacy. Unpublished paper. CMI Annual Conference, Copenhagen, Denmark
Sharma R, Mahapatra RP, Sharma N (2020) The internet of things and its applications in cyber security. In: Balas V, Solanki V, Kumar R, Ahad M (eds) A handbook of internet of things in biomedical and cyber physical system. Intelligent systems reference library, vol 165. Springer, Cham
Xiang G, Hong J, Rose CP, Cranor L (2011) Cantina+: A feature rich machine learning framework for detecting phishing Web sites. ACM Trans Inf Syst Secur 4(2) Art. no. 21
Whittaker C, Ryner B, Nazif M (2010) Large-scale automatic classification of phishing pages, in Proc. NDSS, vol. 10. San Diego, CA, USA
Ramesh G, Krishnamurthi I, Kumar KSS (May 2014) An efficacious method for detecting phishing webpages through target domain identification. Decis Support Syst 61:12–22
Nirmal K, Janet B, Kumar R, Enhancing online security using selective DOM approach to counter phishing attacks in Concurrency and Computation: Practice and Experience (CCPE), Special Issue
Aaron G, Rasmussen R (2016) Global phishing survey: Trends and domain name use in 2016, http://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf. Accessed 20 Mar 2020
Caputo DD, Pfleeger SL, Freeman JD, Johnson ME (Jan. 2014) Going spear phishing: exploring embedded training and awareness. IEEE Secur Priv 12(1):28–38
C. Inc. (2016). Couldmark toolbar. [online]. Available: http://www.cloudmark.com/desktop/ie-toolbar. Accessed 20 Mar 2020
Likarish P, Jung E, Dunbar D, Hansen TE, Hourcade JP (2008) B-APT: Bayesian anti-phishing toolbar, in Proc. IEEE Int. Conf. Commun. (ICC), pp. 1745–1749. Google safe browsing, Site: https://safebrowsing.google.com/. Accessed 20 Mar 2020
Barracuda. (2017). Barracuda email security gateway. [online]. Available: https://www.barracuda.com/products/emailsecuritygateway. Accessed 20 Mar 2020
Manogaran G, Shakeel PM, Fouad H, Nam Y, Baskar S, Chilamkurti N, Sundarasekar R (2019) Wearable IoT smart-log patch: an edge computing-based Bayesian deep learning network system for multi access physical monitoring system. Sensors 19(13):3030
Chen T-C, Stepan T, Dick S, Miller J (2014) An anti-phishing system employing diffused information. ACM Trans Inf Syst Secur 16(4):16
Fu AY, Wenyin L, Deng X (2006) Detecting phishing Web pages with visual similarity assessment based on earth mover’s distance (EMD). IEEE Trans Depend Secure Comput 3(4):301–311, Oct./Dec.
Hitchcock FL (1941) The distribution of a product from several sources to numerous localities. J Math Phys 20(1–4):224–230
Russ JC, Woods RP (1995) The image processing handbook. J Comput Assist Tomogr 19(6):979–981
Afroz S, Greenstadt R (2009) Phishzoo: an automated web phishing detection approach based on profiling and fuzzy matching, in Proc. 5th IEEE Int. Conf. Semantic Comput. (ICSC)
Chen K-T, Chen J-Y, Huang C-R, Chen C-S (2009) Fighting phishing with discriminative keypoint features. IEEE Internet Comput 13(3):56–63, May/Jun.
Chen T-C, Dick S, Miller J (2010) Detecting visually similar Web pages: Application to phishing detection. ACM Trans Internet Technol 10(2):5
Fu AY, Wenyin L, Deng X (2005) EMD based visual similarity for detection of phishing webpages, in Proc. Int. Workshop Web Doc. Anal., vol. 2005
Hara M, Yamada A, Miyake Y, (2009) Visual similarity-based phishing detection without victim site information, in Proc. IEEE Symp. Comput. Intell. Cyber Security (CICS), Nashville, TN, USA, pp. 30–36
Liu G, Qiu B, Wenyin L, (2010) Automatic detection of phishing target from phishing webpage, in Proc. 20th Int. Conf. Pattern Recognit. (ICPR), Istanbul, Turkey, pp. 4153–4156
Maurer M-E, Herzner D (2012) Using visual website similarity for phishing detection and reporting, in Proc. Extended Abstracts Human Factors Comput. Syst. CHI, Austin, TX, USA, pp. 1625–1630
Medvet E, Kirda E, Kruegel C (2008) Visual-similarity-based phishing detection, in Proc. 4th Int. Conf. Security Privacy Commun. Netw.,Istanbul, Turkey, p. 22
Sanglerdsinlapachai N, Rungsawang A (2010) Using domain top-page similarity feature in machine learning-based Web phishing detection, in Proc. 3rd Int. Conf. Knowl. Disc. Data Min. (WKDD), pp. 187–190
Wenyin L, Huang G, Xiaoyue L, Deng X, Min Z (2005) Phishing Web page detection, in Proc. 8th Int. Conf. Document Anal. Recognit. (ICDAR), Seoul, South Korea, pp. 560–564
Zhang H, Liu G, Chow TWS, Liu W (Oct. 2011) Textual and visual content-based anti-phishing: a Bayesian approach. IEEE Trans Neural Netw 22(10):1532–1546
Garera S, Provos N, Chew M, Rubin AD (2007) A framework for detection and measurement of phishing attacks, in Proc. ACM Workshop Recurring Malcode, Alexandria, VA, USA, pp. 1–8
Prakash P, Kumar M, Kompella RR, Gupta M 2010 PhishNet: Predictive blacklisting to detect phishing attacks, in Proc. IEEE INFOCOM, San Diego, CA, USA, pp. 1–5
Dou Z, Khalil I, Khreishah A, Al-Fuqaha A, Guizani M (2017) Systematization of Knowledge (SoK): a systematic review of software-based web phishing detection. IEEE Commun Surv Tutor 19(4):2797–2819, Fourthquarter
Zhang Y, Hong JI, Cranor LF (2007) Cantina: A content-based approach to detecting phishing Web sites, in Proc. 16th Int. Conf. World Wide Web, Banff, AB, Canada, pp. 639–648
Ma J, Saul LK, Savage S, Voelker GM, (2009) Beyond blacklists: Learning to detect malicious Web sites from suspicious URLs, in Proc. 15th ACM SIGKDD Int. Conf. Knowl. Disc. Data Min., Paris, France, pp. 1245–1254
Sheron, P. F., Sridhar, K. P., Baskar, S., & Shakeel, P. M. (2019). A decentralized scalable security framework for end-to-end authentication of future IoT communication. Transactions on Emerging Telecommunications Technologies, e3815. https://doi.org/10.1002/ett.3815
Lee K, Kaiser B, Mayer J, Narayanan A Department of Computer Science and Center for Information Technology Policy Princeton University, An empirical study of wireless carrier authentication for SIM swaps (draft), Site: https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf. Accessed 20 Mar 2020
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the Topical Collection: Special Issue on Network In Box, Architecture, Networking and Applications
Guest Editor: Ching-Hsien Hsu
Rights and permissions
About this article
Cite this article
Nirmal, K., Janet, B. & Kumar, R. Analyzing and eliminating phishing threats in IoT, network and other Web applications using iterative intersection. Peer-to-Peer Netw. Appl. 14, 2327–2339 (2021). https://doi.org/10.1007/s12083-020-00944-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-020-00944-z