Skip to main content
SpringerLink
Log in

Analyzing and eliminating phishing threats in IoT, network and other Web applications using iterative intersection

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

In today’s cyber era, Internet of Things (IoT) based products are increasingly adopted by users for various purposes. Accesses to these systems are facilitated via a web application to the end user. Traditionally, Phishing attacks were targeted toward banking and financial systems. With the rise in usage of IoT, the attack surface increases. Along with IoT specific attacks, attackers are targeting users with Phishing to steal passwords in order to gain access to IoT devices like security cameras. Phishing is an online attack that has been around for more than two decades. Though there are advanced prevention and detection mechanisms designed and developed by researchers and organizations, statistics show that Phishing has been on the rise. Often, there is a monetary incentive for the bad actor that carries out a phishing attack. This motivates attackers to advance their evasion mechanisms and maintain the status quo as a race between detection and evasion. A methodology Phish-Sec was introduced which paves a way to counter Phishing attacks in a pro-active manner by aggregating signatures of legitimate websites at the source. Phish-Sec involves determining uniqueness across ‘n’ websites. This manuscript provides the mathematical solution using intersection to determine the uniqueness of a visited web page. Iterative intersection is incorporated with Phish-sec to facilitate poison avoidance in its back-end system. By this, Phish-Sec can be expanded to a variety of applications, including non-financial based systems like IoT. It is proved that the overall efficiency of Phish-Sec increases along with its expansion capabilities. The true positive achieved by phish-sec is 99.15% which is 0.15% higher.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Nirmal K, Janet B, Kumar R (2015) Phishing - the threat that still exists, 2015 International Conference on Computing and Communications Technologies (ICCCT), Chennai, pp. 139-143. PhishTank: an anti-phishing site, LLC OpenDNS, San Francisco, CA, USA

  2. Anti-Phishing Working Group. [Online]. Available: http://www.antiphishing.org. Accessed 20 Mar 2020

  3. Tweneboah-Koduah S, Skouby KE, Tadayoni R (2017) Cyber security threats to IoT applications and service domains. Wirel Pers Commun 95:169–185. https://doi.org/10.1007/s11277-017-4434-6

    Article  Google Scholar 

  4. Matuszak G, Bell G, Le D (2015). Security and the IoT ecosystem. KPMG, December 2015, 132631–G

  5. Quashie Azasoo J, Tweneboah-Koduah S (2016). Cybersecurity architecture in smart metering systems. In smart living and privacy. Unpublished paper. CMI Annual Conference, Copenhagen, Denmark

  6. Sharma R, Mahapatra RP, Sharma N (2020) The internet of things and its applications in cyber security. In: Balas V, Solanki V, Kumar R, Ahad M (eds) A handbook of internet of things in biomedical and cyber physical system. Intelligent systems reference library, vol 165. Springer, Cham

    Google Scholar 

  7. Xiang G, Hong J, Rose CP, Cranor L (2011) Cantina+: A feature rich machine learning framework for detecting phishing Web sites. ACM Trans Inf Syst Secur 4(2) Art. no. 21

  8. Whittaker C, Ryner B, Nazif M (2010) Large-scale automatic classification of phishing pages, in Proc. NDSS, vol. 10. San Diego, CA, USA

  9. Ramesh G, Krishnamurthi I, Kumar KSS (May 2014) An efficacious method for detecting phishing webpages through target domain identification. Decis Support Syst 61:12–22

    Article  Google Scholar 

  10. Nirmal K, Janet B, Kumar R, Enhancing online security using selective DOM approach to counter phishing attacks in Concurrency and Computation: Practice and Experience (CCPE), Special Issue

  11. Aaron G, Rasmussen R (2016) Global phishing survey: Trends and domain name use in 2016, http://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf. Accessed 20 Mar 2020

  12. Caputo DD, Pfleeger SL, Freeman JD, Johnson ME (Jan. 2014) Going spear phishing: exploring embedded training and awareness. IEEE Secur Priv 12(1):28–38

    Article  Google Scholar 

  13. C. Inc. (2016). Couldmark toolbar. [online]. Available: http://www.cloudmark.com/desktop/ie-toolbar. Accessed 20 Mar 2020

  14. Likarish P, Jung E, Dunbar D, Hansen TE, Hourcade JP (2008) B-APT: Bayesian anti-phishing toolbar, in Proc. IEEE Int. Conf. Commun. (ICC), pp. 1745–1749. Google safe browsing, Site: https://safebrowsing.google.com/. Accessed 20 Mar 2020

  15. Barracuda. (2017). Barracuda email security gateway. [online]. Available: https://www.barracuda.com/products/emailsecuritygateway. Accessed 20 Mar 2020

  16. Manogaran G, Shakeel PM, Fouad H, Nam Y, Baskar S, Chilamkurti N, Sundarasekar R (2019) Wearable IoT smart-log patch: an edge computing-based Bayesian deep learning network system for multi access physical monitoring system. Sensors 19(13):3030

    Article  Google Scholar 

  17. Chen T-C, Stepan T, Dick S, Miller J (2014) An anti-phishing system employing diffused information. ACM Trans Inf Syst Secur 16(4):16

    Google Scholar 

  18. Fu AY, Wenyin L, Deng X (2006) Detecting phishing Web pages with visual similarity assessment based on earth mover’s distance (EMD). IEEE Trans Depend Secure Comput 3(4):301–311, Oct./Dec.

    Article  Google Scholar 

  19. Hitchcock FL (1941) The distribution of a product from several sources to numerous localities. J Math Phys 20(1–4):224–230

    Article  MathSciNet  Google Scholar 

  20. Russ JC, Woods RP (1995) The image processing handbook. J Comput Assist Tomogr 19(6):979–981

    Article  Google Scholar 

  21. Afroz S, Greenstadt R (2009) Phishzoo: an automated web phishing detection approach based on profiling and fuzzy matching, in Proc. 5th IEEE Int. Conf. Semantic Comput. (ICSC)

  22. Chen K-T, Chen J-Y, Huang C-R, Chen C-S (2009) Fighting phishing with discriminative keypoint features. IEEE Internet Comput 13(3):56–63, May/Jun.

    Article  Google Scholar 

  23. Chen T-C, Dick S, Miller J (2010) Detecting visually similar Web pages: Application to phishing detection. ACM Trans Internet Technol 10(2):5

    Article  Google Scholar 

  24. Fu AY, Wenyin L, Deng X (2005) EMD based visual similarity for detection of phishing webpages, in Proc. Int. Workshop Web Doc. Anal., vol. 2005

  25. Hara M, Yamada A, Miyake Y, (2009) Visual similarity-based phishing detection without victim site information, in Proc. IEEE Symp. Comput. Intell. Cyber Security (CICS), Nashville, TN, USA, pp. 30–36

  26. Liu G, Qiu B, Wenyin L, (2010) Automatic detection of phishing target from phishing webpage, in Proc. 20th Int. Conf. Pattern Recognit. (ICPR), Istanbul, Turkey, pp. 4153–4156

  27. Maurer M-E, Herzner D (2012) Using visual website similarity for phishing detection and reporting, in Proc. Extended Abstracts Human Factors Comput. Syst. CHI, Austin, TX, USA, pp. 1625–1630

  28. Medvet E, Kirda E, Kruegel C (2008) Visual-similarity-based phishing detection, in Proc. 4th Int. Conf. Security Privacy Commun. Netw.,Istanbul, Turkey, p. 22

  29. Sanglerdsinlapachai N, Rungsawang A (2010) Using domain top-page similarity feature in machine learning-based Web phishing detection, in Proc. 3rd Int. Conf. Knowl. Disc. Data Min. (WKDD), pp. 187–190

  30. Wenyin L, Huang G, Xiaoyue L, Deng X, Min Z (2005) Phishing Web page detection, in Proc. 8th Int. Conf. Document Anal. Recognit. (ICDAR), Seoul, South Korea, pp. 560–564

  31. Zhang H, Liu G, Chow TWS, Liu W (Oct. 2011) Textual and visual content-based anti-phishing: a Bayesian approach. IEEE Trans Neural Netw 22(10):1532–1546

    Article  Google Scholar 

  32. Garera S, Provos N, Chew M, Rubin AD (2007) A framework for detection and measurement of phishing attacks, in Proc. ACM Workshop Recurring Malcode, Alexandria, VA, USA, pp. 1–8

  33. Prakash P, Kumar M, Kompella RR, Gupta M 2010 PhishNet: Predictive blacklisting to detect phishing attacks, in Proc. IEEE INFOCOM, San Diego, CA, USA, pp. 1–5

  34. Dou Z, Khalil I, Khreishah A, Al-Fuqaha A, Guizani M (2017) Systematization of Knowledge (SoK): a systematic review of software-based web phishing detection. IEEE Commun Surv Tutor 19(4):2797–2819, Fourthquarter

    Article  Google Scholar 

  35. Zhang Y, Hong JI, Cranor LF (2007) Cantina: A content-based approach to detecting phishing Web sites, in Proc. 16th Int. Conf. World Wide Web, Banff, AB, Canada, pp. 639–648

  36. Ma J, Saul LK, Savage S, Voelker GM, (2009) Beyond blacklists: Learning to detect malicious Web sites from suspicious URLs, in Proc. 15th ACM SIGKDD Int. Conf. Knowl. Disc. Data Min., Paris, France, pp. 1245–1254

  37. Sheron, P. F., Sridhar, K. P., Baskar, S., & Shakeel, P. M. (2019). A decentralized scalable security framework for end-to-end authentication of future IoT communication. Transactions on Emerging Telecommunications Technologies, e3815. https://doi.org/10.1002/ett.3815

  38. Lee K, Kaiser B, Mayer J, Narayanan A Department of Computer Science and Center for Information Technology Policy Princeton University, An empirical study of wireless carrier authentication for SIM swaps (draft), Site: https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf. Accessed 20 Mar 2020

Download references

Author information

Authors and Affiliations

  1. National Institute of Technology, Tiruchirappalli, India

    K. Nirmal & B. Janet

  2. Wipro Technologies, Bangalore, India

    R. Kumar

Authors
  1. K. Nirmal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. B. Janet
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. R. Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to K. Nirmal.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection: Special Issue on Network In Box, Architecture, Networking and Applications

Guest Editor: Ching-Hsien Hsu

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Nirmal, K., Janet, B. & Kumar, R. Analyzing and eliminating phishing threats in IoT, network and other Web applications using iterative intersection. Peer-to-Peer Netw. Appl. 14, 2327–2339 (2021). https://doi.org/10.1007/s12083-020-00944-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-020-00944-z

Keywords

Search

Navigation