Machine Learning-Based Client-Side Protection Against Web Spoofing Attacks with PhishCatcher
Keywords:
Web spoofing, security and privacy, machine learning, web security, browser extensionAbstract
This venture looks to moderate the continuous gamble of phishing attacks by the making of "PhishCatcher", a "client-side protection mechanism". The principal objective is to utilize "machine learning" as a central component for the viable recognition of arising web based caricaturing dangers. The undertaking expects to further develop the security act against phishing endeavors by focusing on the client side. The emphasis on "machine learning" features the need for a responsive and keen protection framework. The incorporation of "machine learning" into "PhishCatcher" looks to prepare the application to outperform the consistently propelling systems used by phishing culprits. This procedure ensures a more productive and versatile response to developing internet "mocking dangers". This drive features the critical need to battle web caricaturing because of the rising danger of phishing, especially in the midst of uplifted web-based exercises. The making of "PhishCatcher" is considered fundamental for safeguarding client "protection and corporate protection" from expanding phishing assaults. Not at all like traditional server-side arrangements with intrinsic requirements, has “PhishCatcher” utilized a client-side security technique. This conscious choice empowers clients to use an extensive cautious arrangement without expecting modifications to the designated sites. This client-driven approach looks to address the impediments innate in customary server-side arrangements. PhishCatcher is designed with the end-client as vital, especially for people who are frequently focused on by phishing attacks. The program gives substantial benefits by working on internet based security, especially lessening the probability of wholesale fraud, and obstructing misrepresentation by means of the effective distinguishing proof of unsafe "URLs". By focusing on the client, "PhishCatcher" fills in as a fundamental device in reinforcing people against the boundless threat of phishing endeavors. We upgraded our enemy of phishing instrument by integrating "backing Vector Machine, XGBoost, and a Stacking Classifier", in this way growing the framework's capacities. A Flagon structure using SQLite was made, working with effective data exchange and signin processes for client testing and data approval..
Downloads
References
W. Khan, A. Ahmad, A. Qamar, M. Kamran, and M. Altaf, ‘‘SpoofCatch: A client-side protection tool against phishing attacks,’’ IT Prof., vol. 23, no. 2, pp. 65–74, Mar. 2021.
B. Schneier, ‘‘Two-factor authentication: Too little, too late,’’ Commun. ACM, vol. 48, no. 4, p. 136, Apr. 2005.
S. Garera, N. Provos, M. Chew, and A. D. Rubin, ‘‘A framework for detection and measurement of phishing attacks,’’ in Proc. ACM Workshop Recurring malcode, Nov. 2007, pp. 1–8.
R. Oppliger and S. Gajek, ‘‘Effective protection against phishing and web spoofing,’’ in Proc. IFIP Int. Conf. Commun. Multimedia Secur. Cham, Switzerland: Springer, 2005, pp. 32–41.
T. Pietraszek and C. V. Berghe, ‘‘Defending against injection attacks through context-sensitive string evaluation,’’ in Proc. Int. Workshop Recent Adv. Intrusion Detection. Cham, Switzerland: Springer, 2005, pp. 124–145.
M. Johns, B. Braun, M. Schrank, and J. Posegga, ‘‘Reliable protection against session fixation attacks,’’ in Proc. ACM Symp. Appl. Comput., 2011, pp. 1531–1537.
M. Bugliesi, S. Calzavara, R. Focardi, and W. Khan, ‘‘Automatic and robust client-side protection for cookie-based sessions,’’ in Proc. Int. Symp. Eng. Secure Softw. Syst. Cham, Switzerland: Springer, 2014, pp. 161–178.
A. Herzberg and A. Gbara, ‘‘Protecting (even naıve) web users from spoofing and phishing attacks,’’ Cryptol. ePrint Arch., Dept. Comput. Sci. Eng., Univ. Connecticut, Storrs, CT, USA, Tech. Rep. 2004/155, 2004.
N. Chou, R. Ledesma, Y. Teraguchi, and J. Mitchell, ‘‘Client-side defense against web-based identity theft,’’ in Proc. NDSS, 2004, 1–16.
B. Hämmerli and R. Sommer, Detection of Intrusions and Malware, and Vulnerability Assessment: 4th International Conference, DIMVA 2007 Lucerne, Switzerland, July 12-13, 2007 Proceedings, vol. 4579. Cham, Switzerland: Springer, 2007.
C. Yue and H. Wang, ‘‘BogusBiter: A transparent protection against phishing attacks,’’ ACM Trans. Internet Technol., vol. 10, no. 2, pp. 1–31, May 2010.
[12] W. Chu, B. B. Zhu, F. Xue, X. Guan, and Z. Cai, ‘‘Protect sensitive sites from phishing attacks using features extractable from inaccessible phishing URLs,’’ in Proc. IEEE Int. Conf. Commun. (ICC), Jun. 2013, pp. 1990–1994.
Y. Zhang, J. I. Hong, and L. F. Cranor, ‘‘Cantina: A content-based approach to detecting phishing web sites,’’ in Proc. 16th Int. Conf. World Wide Web, May 2007, pp. 639–648.
D. Miyamoto, H. Hazeyama, and Y. Kadobayashi, ‘‘An evaluation of machine learning-based methods for detection of phishing sites,’’ in Proc. Int. Conf. Neural Inf. Process. Cham, Switzerland: Springer, 2008, pp. 539–546.
E. Medvet, E. Kirda, and C. Kruegel, ‘‘Visual-similarity-based phishing detection,’’ in Proc. 4th Int. Conf. Secur. privacy Commun. Netowrks, Sep. 2008, pp. 1–6.
W. Zhang, H. Lu, B. Xu, and H. Yang, ‘‘Web phishing detection based on page spatial layout similarity,’’ Informatica, vol. 37, no. 3, pp. 1–14, 2013.
J. Ni, Y. Cai, G. Tang, and Y. Xie, ‘‘Collaborative filtering recommendation algorithm based on TF-IDF and user characteristics,’’ Appl. Sci., vol. 11, no. 20, p. 9554, Oct. 2021.
W. Liu, X. Deng, G. Huang, and A. Y. Fu, ‘‘An antiphishing strategy based on visual similarity assessment,’’ IEEE Internet Comput., vol. 10, no. 2, pp. 58–65, Mar. 2006.
A. Rusu and V. Govindaraju, ‘‘Visual CAPTCHA with handwritten image analysis,’’ in Proc. Int. Workshop Human Interact. Proofs. Berlin, Germany: Springer, 2005, pp. 42–52.
P. Yang, G. Zhao, and P. Zeng, ‘‘Phishing website detection based on multidimensional features driven by deep learning,’’ IEEE Access, vol. 7, pp. 15196–15209, 2019.
P. Sornsuwit and S. Jaiyen, ‘‘A new hybrid machine learning for cybersecurity threat detection based on adaptive boosting,’’ Appl. Artif. Intell., vol. 33, no. 5, pp. 462–482, Apr. 2019.
S. Kaur and S. Sharma, ‘‘Detection of phishing websites using the hybrid approach,’’ Int. J. Advance Res. Eng. Technol., vol. 3, no. 8, pp. 54–57, 2015.
W. W. Cohen, ‘‘Fast effective rule induction,’’ in Machine Learning Proceedings. Amsterdam, The Netherlands: Elsevier, 1995, pp. 115–123.
V. Muppavarapu, A. Rajendran, and S. K. Vasudevan, ‘‘Phishing detection using RDF and random forests,’’ Int. Arab J. Inf. Technol., vol. 15, no. 5, pp. 817–824, 2018.
V. K. Nadar, B. Patel, V. Devmane, and U. Bhave, ‘‘Detection of phishing websites using machine learning approach,’’ in Proc. 2nd Global Conf. Advancement Technol. (GCAT). Rajasthan, Jaipur, India: Amity University, Oct. 2021, pp. 1–8.
J. Mao, W. Tian, P. Li, T. Wei, and Z. Liang, ‘‘Phishing-alarm: Robust and efficient phishing detection via page component similarity,’’ IEEE Access, vol. 5, pp. 17020–17030, 2017.
N. C. R. L. Y. Teraguchi and J. C. Mitchell, ‘‘Client-side defense against web-based identity theft,’’ Dept. Comput. Sci., Stanford Univ., Stanford, CA, USA, 2004. [Online]. Available: http://crypto.stanford. edu/SpoofGuard/webspoof.pdf
W. Ali, ‘‘Phishing website detection based on supervised machine learning with wrapper features selection,’’ Int. J. Adv. Comput. Sci. Appl., vol. 8, no. 9, pp. 72–78, 2017.
A. Sharma and D. Upadhyay, ‘‘VDBSCAN clustering with map-reduce technique,’’ in Recent Findings in Intelligent Computing Techniques. Singapore: Springer, 2018, pp. 305–314.
A. K. Jain and B. B. Gupta, ‘‘Comparative analysis of features based machine learning approaches for phishing detection,’’ in Proc. 3rd Int. Conf. Comput. Sustain. Global Develop. (INDIACom), Mar. 2016, pp. 2125–2130.
P. Rao, J. Gyani, and G. Narsimha, ‘‘Fake profiles identification in online social networks using machine learning and NLP,’’ Int. J. Appl. Eng. Res., vol. 13, no. 6, pp. 973–4562, 2018.
G. Xiang, J. Hong, C. P. Rose, and L. Cranor, ‘‘CANTINA+: A featurerich machine learning framework for detecting phishing web sites,’’ ACM Trans. Inf. Syst. Secur., vol. 14, no. 2, pp. 1–28, Sep. 2011.
V. S. Lakshmi and M. S. Vijaya, ‘‘Efficient prediction of phishing websites using supervised learning algorithms,’’ Proc. Eng., vol. 30, pp. 798–805, 2012.
D. Sahoo, C. Liu, and S. C. H. Hoi, ‘‘Malicious URL detection using machine learning: A survey,’’ 2017, arXiv:1701.07179.
E. Kremic and A. Subasi, ‘‘Performance of random forest and SVM in face recognition,’’ Int. Arab J. Inf. Technol., vol. 13, no. 2, pp. 287–293, 2016.
K. Yu, L. Tan, S. Mumtaz, S. Al-Rubaye, A. Al-Dulaimi, A. K. Bashir, and F. A. Khan, ‘‘Securing critical infrastructures: Deep-learning-based threat detection in IIoT,’’ IEEE Commun. Mag., vol. 59, no. 10, pp. 76–82, Oct. 2021.
P. Chen, L. Desmet, and C. Huygens, ‘‘A study on advanced persistent threats,’’ in Communications and Multimedia Security. Aveiro, Portugal: Springer, Sep. 2014, pp. 63–72.
E. Sisinni, A. Saifullah, S. Han, U. Jennehag, and M. Gidlund, ‘‘Industrial Internet of Things: Challenges, opportunities, and directions,’’ IEEE Trans. Ind. Informat., vol. 14, no. 11, pp. 4724–4734, Nov. 2018.
S. Alaparthi and M. Mishra, ‘‘Bidirectional encoder representations from transformers (BERT): A sentiment analysis Odyssey,’’ 2020, arXiv:2007.01127.
P. A. Barraclough, M. A. Hossain, M. A. Tahir, G. Sexton, and N. Aslam, ‘‘Intelligent phishing detection and protection scheme for online transactions,’’ Exp. Syst. Appl., vol. 40, no. 11, pp. 4697–4706, Sep. 2013...
.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
You are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
Terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
