شناسایی وب سایت فیشینگ در بانکداری اینترنتی با استفاده از الگوریتم بهینه سازی صفحات شیب‌دار

نویسندگان

1 کارشناسی ارشد، دانشکده فنی و مهندسی، دانشگاه بیرجند، بیرجند، ایران

2 استادیار، دانشکده فنی و مهندسی، دانشگاه بزرگمهر قائنات، قائنات، ایران

چکیده

یکی از عوامل بسیار تأثیر گذار در توسعه تجارت الکترونیک و تجارت تحت وب، امنیت آن می‌باشد. اما متناسب با توسعه تجارت الکترونیک، مقوله فیشینگ و سرقت اطلاعات بانکی افراد به تهدید بسیار جدی در این حوزه بدل شده است. روش‌های متنوعی در شناسایی وب سایت فیشینگ مورد بررسی و تحلیل قرار گرفته‌اند. در اکثر روش‌ها توجهی به طول عمر کوتاه وب سایت فیشینگ و تلاش برای کاهش حجم محاسباتی صورت نگرفته است. از این جهت، در این پژوهش سعی شده تا ویژگی‌های پراهمیت را جهت ارزیابی وب سایت فیشینگ استخراج کرده و سپس با استفاده از الگوریتم بهینه سازی صفحات شیب‌دار فرآیند طبقه بندی انجام گیرد. مقایسه نتایج حاصله از این رویکرد جدید با بهترین روش‌های موجود، اثبات کننده توانایی این رویکرد در شناسایی وب سایت-های فیشینگ می‌باشد.

کلیدواژه‌ها


عنوان مقاله [English]

Phishing Website Detection for e-Banking by Inclined Planes Optimization Algorithm

نویسندگان [English]

  • Nafiseh Langhari 1
  • Majid Abdolrazzagh Nejad 2
1 Master's degree, Technical and Engineering Faculty, Birjand University, Birjand, Iran
2 Assistant Professor, Technical and Engineering Faculty, Bozormehr Qaenat University, Qaenat, Iran
چکیده [English]

One of the most important factors influencing the development of e-commerce and web-based commerce is
security. However development of e-commerce leads to phishing and steal the customer information. So the various
methods have been designed to detect phishing websites in the literature. Lacks of attention to the short lifetime of
phishing website, and to reduce the amount of computation are the main gaps of these methods. In this paper, a new
intelligent approach is proposed to detect phishing websites, in e-banking by extracting sensitive features of websites
on phishing attacks and classifying candidate websites in three classes such as phishing, legitimate and suspicious
websites based on inclined planes optimization algorithm. The comparison results of the new intelligent approach with
the best available techniques, demonstrate the ability of this approach to detect phishing websites.

کلیدواژه‌ها [English]

  • Network Security
  • Service Security
  • Port Security
  • Authentication
  • Port-Knocking
[1] Y. Zhang, S. Egelman, L. Cranor, and J. Hong, “Phinding phish: Evaluating anti-phishing tools,” 2006.
[2] M. Aburrous, M. A. Hossain, K. Dahal, and F. Thabtah, “Intelligent phishing detection system for e-banking using fuzzy data mining,” Expert systems with applications, vol. 37, pp. 7913-7921, 2010.
[3] M. D. I. A. Ajlouni, W. E. Hadi, and J. Alwedyan, “Detecting Phishing Websites Using Associative         Classification,” European Journal of Business and        Management, vol. 5, pp. 36-40, 2013.
[4] L. F. Cranor, S. Egelman, J. I. Hong, and Y. Zhang, “Phinding Phish: An Evaluation of Anti-Phishing Toolbars,” in NDSS, 2007.
[5] M. Sirajuddin, “Data Mining Approach for Deceptive Phishing Detection System,” ijsret, vol. 2, pp. 337-334, 2013. 
[6] E. Medvet, E. Kirda, and C. Kruegel, “Visual-similarity-based phishing detection,” in Proceedings of the 4th   international conference on Security and privacy in    communication netowrks, p. 22, 2008.
[7] W. Zhang, H. Lu, B. Xu, and H. Yang, “Web phishing detection based on page spatial layout similarity,”       Informatica, vol. 37, pp. 231-244, 2013.
[8] L. Wenyin, G. Huang, L. Xiaoyue, Z. Min, and X. Deng, “Detection of phishing webpages based on visual        similarity,” in Special interest tracks and posters of the 14th international conference on world wide web, pp.  1060-1061, 2005.
[9] S. T. Kumar, V. Kumar, and A. Kumar, “Detection and Prevention of Phishing Attacks Using Linkguard         Algorithm,” 2008.
[10] J. S. White, J. N. Matthews, and J. L. Stacy, “A method for the automated detection phishing websites through both site characteristics and image analysis,” in SPIE Defense, Security and Sensing, pp. 84080B-84080B-11, 2012.
[11] A. P. Rosiello, E. Kirda, C. Kruegel, and F. Ferrandi, “A layout-similarity-based approach for detecting phishing pages,” in Security and Privacy in Communications    Networks and the Workshops, 2007. Secure Comm 2007. Third International Conference on, pp. 454-463, 2007.
[12] N. R. T. Guhan, “Analyzing and Detecting Phishing Webpages with Visual Similarity Assessment Based on Earth Movers Distance with Linear Programming Model,” International Journal of Advanced Engineering           Technology, vol. III, pp. 327-330, 2012.
[13] P. Barraclough, M. Hossain, M. Tahir, G. Sexton, and N. Aslam, “Intelligent phishing detection and protection scheme for online transactions,” Expert systems with   applications, vol. 40, pp. 4697-4706, 2013.
[14] A. Demaris and S. H. Selman, “Logistic regression,” in Converting Data into Evidence, ed: Springer,                   pp.115-136, 2013.
[15] S. Garera, N. Provos, M. Chew, and A. D. Rubin, “A framework for detection and measurement of phishing attacks,” in Proceedings of the 2007 ACM workshop on Recurring malcode, pp. 1-8, 2007.
[16] P. Sengar and V. Kumar, “Client-side defense against phishing with pagesafe,” International Journal of        Computer Applications, vol. 4, pp. 6-10, 2010.
[17] SS. Abu-Nimeh, D. Nappa, X. Wang, and S. Nair, “A   comparison of machine learning techniques for phishing detection,” in Proceedings of the anti-phishing working groups 2nd annual ecrime researchers summit, pp. 60-69, 2007.
[18] J. M. De-Sa, “Pattern recognition: concepts, methods, and applications,” Springer, 2001.
[19] H. M. Deylami and Y. P. Singh, “Cybercrime detection techniques based on support vector machines,” Artificial Intelligence Research, vol. 2, 2013.
[20] L. Breiman, “Random forests,” Machine learning, vol. 45, pp. 5-32, 2001.
[21] D. M. L. V. Radha Damodaram, “Experimental Study on Meta Heuristic Optimization Algorithms for Fake Website Detection,” International Association of Scientific       Innovation and Research (IASIR), vol. 2, pp. 43-53, 2012.
[22] M. Radha Damodaram and M. Valarmathi, “Phishing Website Detection and Optimization Using Particle Swarm Optimization Technique,” International Journal of      Computer Science and Security (IJCSS), vol. 5, p. 477, 2011.
[23] M. R. Damodaram and M. Valarmathi, “Bacterial Foraging Optimization for Fake Website Detection,” International Journal of Computer Science & Applications (TIJCSA), vol. 1, 2013.
[24] M. H. Mozaffari, H. Abdy, and S. H. Zahiri, “Application of inclined planes system optimization on data clustering,” in Pattern Recognition and Image Analysis (PRIA), 2013 First Iranian Conference on, pp. 1-3, 2013.
[25] M. Aburrous, M. Hossain, K. Dahal, and F. Thabtah, “Associative classification techniques for predicting           e-banking phishing websites,” in Multimedia Computing and Information Technology (MCIT), 2010 International Conference on, pp. 9-12, 2010.
[26] M. Aburrous, M. A. Hossain, K. Dahal, and F. Thabatah, “Modelling Intelligent Phishing Detection System for        e-Banking using Fuzzy Data Mining,” in Cyber Worlds, 2009. CW'09. International Conference on, pp.               265-272, 2009.
[27] P. Barraclough, M. Hossain, M. Tahir, G. Sexton, and N. Aslam, “Intelligent phishing detection and protection scheme for online transactions,” Expert Systems with Applications, 2013.
[28] S. H. Zahiri and S. A. Seyedin, “Intelligent Particle Swarm Classifiers,” Iranian journal of electrical and computer engineering, vol. 4, p. 63, 2015.
[29] M. Aburrous, M. A. Hossain, K. Dahal, and F. Thabtah, “Experimental case studies for investigating e-banking phishing techniques and attack strategies,” Cognitive  Computation, vol. 2, pp. 242-253, 2010.
[30] A. Y. Fu, L. Wenyin, and X. Deng, “Detecting phishing web pages with visual similarity assessment based on earth mover's distance (EMD),” Dependable and Secure       Computing, IEEE Transactions on, vol. 3, pp. 301-311, 2006.
[31] R. Mohammad, T. McCluskey, and F. A. Thabtah, “Intelligent Rule based Phishing Websites Classification,” IET Information Security, 2013.