Abstract
Nowadays, phishing attacks are emerging as a serious Internet security threat that causes massive financial losses every year. Various approaches are available to detect phishing attacks, e.g., blacklists, machine learning, and visual similarity. However, most of these approaches have limitations: they are complicated, produce a high false positive rate, are language dependent, are slow, and are not fit for a real-time environment. In this paper, we present a two-level authentication approach, which not only detects phishing attacks accurately in a real-time environment but also does not depend on the textual language of the webpage. The proposed approach executes two authentications before declaring a webpage as phishing, which makes it more accurate, reliable, and fast. In the first-level authentication, a search engine based mechanism is proposed, which uses a simple, reliable, and language-independent query to authenticate the webpage. The second-level authentication processes the different hyperlinks within the source code of the webpage to detect phishing webpages. The performance of the proposed approach is evaluated, and it achieved a significantly higher true negative rate of 99.95%. Comparison with other existing methods also proves the supremacy of our proposed approach.
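To make the second-level idea concrete, the following added example (not the authors' code) extracts hyperlinks from a page's source and counts null, same-site and foreign-site targets without reading any page text. The feature set, the two-label site approximation, the thresholds and the sample pages are all assumptions chosen for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that carries a hyperlink in the page source.
LINK_ATTRS = {"a": "href", "link": "href", "img": "src", "script": "src", "form": "action"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(LINK_ATTRS.get(tag))
        if value is not None:
            self.links.append(value.strip())

def site(host):
    # Assumption: the last two labels approximate the registrable domain
    # (a deployment would consult the Public Suffix List instead).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def hyperlink_features(page_url, html):
    collector = LinkCollector()
    collector.feed(html)
    own_site = site(urlsplit(page_url).hostname or "")
    counts = {"total": 0, "null": 0, "own": 0, "foreign": 0}
    for raw in collector.links:
        if raw == "" or raw.startswith("#") or raw.lower().startswith("javascript:"):
            kind = "null"  # link that leads nowhere
        else:
            target = urlsplit(urljoin(page_url, raw))
            if target.scheme not in ("http", "https") or not target.hostname:
                continue  # mailto:, tel:, data: and similar are not counted
            kind = "own" if site(target.hostname) == own_site else "foreign"
        counts[kind] += 1
        counts["total"] += 1
    return counts

def second_level_flags(counts, max_foreign=0.4, max_null=0.3):
    # Thresholds are hypothetical placeholders, not values from the paper.
    if counts["total"] == 0:
        return ["no_hyperlinks"]
    flags = []
    if counts["foreign"] / counts["total"] > max_foreign:
        flags.append("mostly_foreign_links")
    if counts["null"] / counts["total"] > max_null:
        flags.append("many_null_links")
    return flags

# Constructed sample pages (not real sites).
PHISH_URL = "http://login-verify.example.net/secure/index.html"
PHISH_HTML = '<link href="https://www.example.com/static/site.css"><img src="https://www.example.com/static/logo.png"><a href="#">Help</a><a href="javascript:void(0)">Privacy</a><a href="#">Contact</a><a href="https://www.example.com/about">About</a><form action="post.php"><input name="user"></form>'
BENIGN_URL = "https://www.example.org/index.html"
BENIGN_HTML = '<a href="/products">P</a><a href="https://shop.example.org/cart">C</a><img src="/img/logo.png"><script src="https://cdn.example.com/lib.js"></script><a href="#top">Top</a><form action="/search"></form>'
```

Because only link targets are inspected, the same counts come out whatever language the page text is written in.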
Cite this article
Jain, A.K., Gupta, B.B. Two-level authentication approach to protect from phishing attacks in real time. J Ambient Intell Human Comput 9, 1783–1796 (2018). https://doi.org/10.1007/s12652-017-0616-z
DOI: https://doi.org/10.1007/s12652-017-0616-z