Acta Informatica Pragensia 2017, 6(2), 114-123 | DOI: 10.18267/j.aip.1045525
A Lightweight Anti-Phishing Technique for Mobile Phone
- Department of Computer Science, School of Science and Technology, Moshood Abiola Polytechnic, Abeokuta, P.M.B 2210 Abeokuta, Ogun State, Nigeria
Mobile phones have become an essential device for accessing the web. This is due to the advantages of portability, lower cost and ease. However, the adoption of mobile phones for online activities is now being challenged by myriads of cybercrimes. One of such crimes is phishing attack. In this work, a lightweight anti-phishing technique is proposed to combat phishing attacks on mobile devices. This is necessary because these mobile platforms have increased the attack surface for phishers while diminishing the effectiveness of existing countermeasures. The proposed approach uses a number of URL behavior to determine the status of a website based on frequency analysis of extracted phishing features from PhishTank. To increase the detection power of unknown pattern, a machine learning algorithm called Support Vector Machine is adopted. The results indicated that the approach is very efficient against phishing sites with negligible false negatives.
Keywords: Cyber fraud, Mobile devices, Phishing, Security, URL
Received: March 20, 2017; Revised: July 1, 2017; Accepted: July 10, 2017; Published: December 31, 2017 Show citation
References
- Neupane, A., Rahman, M.L., Saxena, N., & Hirshfield, L. (2015). A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 479-491). New York: ACM. doi: 10.1145/2810103.2813660
Go to original source...
- Bhardwaj, A., Subrahmanyam, G.V.B., Avasthi, V., & Sastry, H. (2016). Ransomware: A Rising Threat of new age Digital Extortion. Retrieved from https://arxiv.org/abs/1512.01980
- Chiew, K. L., Chang, E. H., Sze, S. N., & Tiong, W. K. (2015). Utilization of website logo for phishing detection. Computers and Security, 54(October), 16-26. doi: 10.1016/j.cose.2015.07.006
Go to original source...
- CSO. (2016). CSO: Online report on phishing activities. Retrieved from http://www.csoonline.com/articles
- Gowtham, R., & Krishnamurthi, I. (2014). A Comprehensive and efficacious architecture for detecting phishing pages. Computers and Security, 40(February), 23-37. doi: 10.1016/j.cose.2013.10.004
Go to original source...
- Hong, J. (2012). The State of phishing attacks. Communications of the ACM, 55(1), 74-81. doi: 10.1145/2063176.2063197
Go to original source...
- Huang, C., Ma, S., & Chen, K. (2011). Using one-time passwords to prevent password phishing attacks. Journal of Network and Computer Applications, 34(4), 1292-1301. doi: 10.1016/j.jnca.2011.02.004
Go to original source...
- Parsons, K., McCormac, A., Pattinson, M., Butavicius, M., & Jerram, C. (2015). The design of phishing studies: Challenges for researchers. Computers & Security, 52(July), 194-206. doi: 10.1016/j.cose.2015.02.008
Go to original source...
- Khonji, M., Iraqi, Y., & Jones, A. (2013). Phishing Detection: A Literature Survey. IEEE Communications Surveys & Tutorials, 15(4), 2091-2121. doi: 10.1109/SURV.2013.032213.00009
Go to original source...
- Kumar, G., & Kumar, K. (2014). Network Security - an updated perspective. Systems Science
Go to original source...
- & Control Engineering, 2(1), 325-334. doi: 10.1080/21642583.2014.895969
Go to original source...
- Alsharnouby, M., Alaca, F., & Chiasson, S. (2015). Why phishing still works: User strategies for combating phishing attacks. International Journal of Human-Computer Studies, 82(October),
Go to original source...
- 69-82. doi: 10.1016/j.ijhcs.2015.05.005
Go to original source...
- Pan, Y., & Ding, X. (2006). Anomaly based web phishing page detection. In Proceedings of the 22nd Annual Computer Security Applications Conference. New York: IEEE. doi: 10.1109/ACSAC.2006.13
Go to original source...
- Prakash, P., Kumar, M., Kompella, R., & Gupta, M. (2010). PhishNet: Predictive blacklisting to detect phishing attacks. In Proceedings IEEE of the INFOCOM, 2010. New York: IEEE. doi: 10.1109/INFCOM.2010.5462216
Go to original source...
- Purkait, S. (2012). Phishing counter measures and their effectiveness - literature review. Information Management & Computer Security, 20(5), 382-420. doi: 10.1108/09685221211286548
Go to original source...
- Richardson, R., & North, M. (2017). Ransomware: Evolution, Mitigation and Prevention. International Management Review, 13(1), 10-21.
- RSA. (2014). RSA monthly online fraud report. Anti-Fraud Command Center. Retrieved from https://www.rsa.com/content/dam/rsa/PDF/rsa-online-fraud-report-0914.pdf
This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.