36 44 final
DESCRIPTION
final thesis presentation slideTRANSCRIPT
TOWARDS DETECTING PHISHING
WEB-PAGES
Presented by,
Md. Merazul Islam (0507036)
&
Shuvradeb Barman Srijon (0507044)
Supervised by,
Mr. Muhammad Sheikh Sadi
Assistant Professor
Department of Computer Science and Engineering
Khulna University of Engineering and Technology
Khulna 9203, Bangladesh.
INTRODUCTION Cyber Crime- the major concern. Internet fraud affects the rapidly growing
online services. E-commerce is the main target. Social communication sites and mail service
are also attack of them. Technical steps needed to defend them.
PHISHING? A criminal trick of stealing sensitive personal
information. Fooled user and push them to fall in the trick. Use social engineering and technical
strategy. Mainly, duplicate original web-pages. First describe in 1987.
PROBLEM STATEMENT Phishing attacks succeed if users fail to
detect phishing sites. Previous anti-phishing falls into four
categories: Study on phishing Training people User interface Detection tools
Precious works deals with limited service. Our approach- Development of an automated
phishing detection method.
ATTRIBUTES OF PHISHING Similar appearance of web-page. IP based URL & Non Matching URL. URL contain abnormal characters. Mis-spelled URL. Using script or add-in to web browser to
cover the address bar.
PHISHING STATS According to APWG According to PhishTank
Phishes Verified as Valid
Suspected Phishes Submitted
Total 531086 Total 928206
Online 2770 Online 3021
Offline 528316 Offline 925174
Total phishing attack. (Up to 6th April 2010)
ANTI-PHISHING Social response
Educating people. Changing habit.
Technical support Identify phishing site. Implementation of secure model. Browser alert. Eliminating phishing mails. Monitoring and Takedown.
METHODOLOGY
METHODOLOGY
METHODOLOGY
RESULTS
EXPERIMENTAL ANALYSIS
Approach Accuracy Time (second)
IP based URL 100% 17
Exists in phishing
database
97% 59
Matching source content 81% 134
Abnormal condition 79% 51
DISCUSSION Our approach reduces the ability of attackers
to automate their attacks, cutting into their profitability.
By using the minimal knowledge base provided by the user-selected web-page, our system is able to compare potential phishing sites with real sites.
Performance and accuracy can be improved by using an image segmentation.
Flash contents can’t be validated whether phishing threat or not in our system.
THANK YOU
?