36 44 final

14
TOWARDS DETECTING PHISHING WEB- PAGES Presented by, Md. Merazul Islam (0507036) & Shuvradeb Barman Srijon (0507044) Supervised by, Mr. Muhammad Sheikh Sadi Assistant Professor Department of Computer Science and Engineering Khulna University of Engineering and Technology Khulna 9203, Bangladesh.

Upload: meraz-rizel

Post on 12-May-2015

549 views

Category:

Education


5 download

DESCRIPTION

final thesis presentation slide

TRANSCRIPT

Page 1: 36 44 Final

TOWARDS DETECTING PHISHING

WEB-PAGES

Presented by,

Md. Merazul Islam (0507036)

&

Shuvradeb Barman Srijon (0507044)

Supervised by,

Mr. Muhammad Sheikh Sadi

Assistant Professor

Department of Computer Science and Engineering

Khulna University of Engineering and Technology

Khulna 9203, Bangladesh.

Page 2: 36 44 Final

INTRODUCTION Cyber Crime- the major concern. Internet fraud affects the rapidly growing

online services. E-commerce is the main target. Social communication sites and mail service

are also attack of them. Technical steps needed to defend them.

Page 3: 36 44 Final

PHISHING? A criminal trick of stealing sensitive personal

information. Fooled user and push them to fall in the trick. Use social engineering and technical

strategy. Mainly, duplicate original web-pages. First describe in 1987.

Page 4: 36 44 Final

PROBLEM STATEMENT Phishing attacks succeed if users fail to

detect phishing sites. Previous anti-phishing falls into four

categories: Study on phishing Training people User interface Detection tools

Precious works deals with limited service. Our approach- Development of an automated

phishing detection method.

Page 5: 36 44 Final

ATTRIBUTES OF PHISHING Similar appearance of web-page. IP based URL & Non Matching URL. URL contain abnormal characters. Mis-spelled URL. Using script or add-in to web browser to

cover the address bar.

Page 6: 36 44 Final

PHISHING STATS According to APWG According to PhishTank

Phishes Verified as Valid

Suspected Phishes Submitted

Total 531086 Total 928206

Online 2770 Online 3021

Offline 528316 Offline 925174

Total phishing attack. (Up to 6th April 2010)

Page 7: 36 44 Final

ANTI-PHISHING Social response

Educating people. Changing habit.

Technical support Identify phishing site. Implementation of secure model. Browser alert. Eliminating phishing mails. Monitoring and Takedown.

Page 8: 36 44 Final

METHODOLOGY

Page 9: 36 44 Final

METHODOLOGY

Page 10: 36 44 Final

METHODOLOGY

Page 11: 36 44 Final

RESULTS

Page 12: 36 44 Final

EXPERIMENTAL ANALYSIS

Approach Accuracy Time (second)

IP based URL 100% 17

Exists in phishing

database

97% 59

Matching source content 81% 134

Abnormal condition 79% 51

Page 13: 36 44 Final

DISCUSSION Our approach reduces the ability of attackers

to automate their attacks, cutting into their profitability.

By using the minimal knowledge base provided by the user-selected web-page, our system is able to compare potential phishing sites with real sites.

Performance and accuracy can be improved by using an image segmentation.

Flash contents can’t be validated whether phishing threat or not in our system.

Page 14: 36 44 Final

THANK YOU

?