Skip to main content
SpringerLink
Log in

Phishing-Deception Data Model for Online Detection and Human Protection

  • Conference paper
  • First Online:
Global Security, Safety and Sustainability - The Security Challenges of the Connected World (ICGS3 2017)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 630))

Abstract

The construction and interaction procedure of phishing and user in the deception mode is presented. We analyses phishing behavior when tempting human in order to construct a phishing-deception human-based data model (PDHDM) based on frequent associated events. The proposed phishing-deception human-based data model is utilized to generate association rules and to accurately classify between phishing and legitimate websites. This approach can reduce false positive rates in phishing detection systems, including a lack of effective dataset. Classification algorithms is employed for training and validation of the model. The proposed approach performance and the existing work is compared. Our proposed method yielded a remarkable result. The finding demonstrates that phishing-deception human-based data model is a promising scheme to develop effective phishing detection systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ead, W., Abdelwahed, W., Abdul-Kader, H.: Adaptive fuzzy classification- rule algorithm in detection malicious web sites from suspicious URLS. Int. Arab. J. eTechnol. 3(1), 1–9 (2013)

    Google Scholar 

  2. Dong, X., Clerk, J.A., Jacob, J.L.: Defending the weakest link: Phishing Website Detection by analysing User Behaviours. IEEE Telecommun. Syst. 45, 215–226 (2010)

    Article  Google Scholar 

  3. RSA Anti-Fraud Command Center. www.rsa.com. Accessed 20 Sept 2013

  4. Xiang, G., Hong, J.: A hybrid phish detection approach by identity discovery and keywords retrieval. In: Proceedings of the 18th International World Wide Web Conference (WWW 2009), pp. 571–580 (2009)

    Google Scholar 

  5. Jain, A., Richariya, V.: Implementing a web browser with phishing detection techniques. World Comput. Sci. Inf. Technol. J. (WCSIT) 1(7), 289–291 (2011)

    Google Scholar 

  6. Microsoft Corporation: Internet Explorer 7 (2014). http://www.microsoft.com/windows/ie/default.mspx. Accessed 9 Nov 2006

  7. Netcraft. Netcraft Anti-Phishing Toolbar. http://toolbar.netcraft.com/. Accessed 13 June 2006

  8. EarthLink Inc. EarthLink Toolbar (2014). http://www.earthlink.net/software/free/toolbar/. Accessed 9 Nov 2006

  9. Xiang, G., Pendleton, B.A., Hong, J., Rose, C.P.: A hierarchical adaptive probabilistic approach for zero hour phish detection. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 268–285. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  10. Aburrous, M., Khelifi, A.: Phishing detection plug-in toolbar using intelligent fuzzy-classification mining techniques. Int. J. Soft Comput. Softwa. Eng. (SCSE 2013) 3 (2013). Special Issue

    Google Scholar 

  11. Barraclough, P.A., Hossain, M.A., Tahir, M.A., Sexton, G., Aslam, N.: Intelligent phishing detection and protection scheme for online transactions. Expert Syst. Appl. 40, 4697–4706 (2013)

    Article  Google Scholar 

  12. Sheng, S., Wardman, B., Warner, G., Cranor, L., Hong, J., Zhang, C.: An empirical analysis of phishing blacklists. In: 6th Conference Proceeding, CEAS, Mountain View, Califonia, USA (2009)

    Google Scholar 

  13. Ma, J., Saul, L., Savag, S., Voelker, G.: Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In: Proceedings of the 15th International Conference on Knowledge Discovery and Data Mining, Paris, France, pp. 1245–1254 (2009)

    Google Scholar 

  14. Afroz, A., Greenstadt, R.: PhishZoo: detecting phishing websites by looking at them. In: Proceedings of the IEEE Fifth International Conference on Semantic Computing (ICS 2011) (2011)

    Google Scholar 

  15. Aburrous, M., Khelifi, A.: Phishing detection plug-in toolbar using intelligent fuzzy-classification mining techniques. Int. J. Soft Comput. Softw. Eng. (JSCSE) 3, 54–61 (2013)

    Google Scholar 

  16. McAfee Inc. McAfee SiteAdvisor (2014). http://www.siteadvisor.com/. Accessed 9 Nov 2006

  17. GeoTrust Inc. TrustWatch Toolbar (2014). http://toolbar.trustwatch.com/tour/v3ie/toolbar-v3ie-tour-overview.html. Accessed 13 June 2006

  18. eBay Inc. Using eBay Toolbar’s Account Guard (2014). http://pages.eBay.com/help/confidence/account-guard.html. Accessed 13 June 2006

  19. Millersmiles (2016). http://www.millersmiles.co.uk/. Accessed 20 Oct 2016

  20. Huange, G.B., Zhu, Q.Y., Mao, K.Z., Siew, C.K., Saratchandran, P., Sundararajan, N.: Can threshold networks be trained directly. IEEE Trans. Circ. Syst. II 53(3), 187–191 (2006)

    Article  Google Scholar 

  21. PhishTank: Join the fight against phishing (2013). http://www.phishtank.com/. Accessed 5 July 2013 and 10 July 2013

  22. Laorden, C., Ugart-Pedrero, X., Santos, I., Sanz, B., Nieves, J., Alvarez, P., Bringas, G.: Study on the effectiveness of anomaly detection for spam filtering. Inf. Sci. 277, 421–444 (2014)

    Article  Google Scholar 

  23. Ajlouni, M., Hadi, W., Alwedyan, J.: Detecting phishing websites using associative classification. Eur. J. Bus. Manage. 5(15), 36–40 (2013)

    Google Scholar 

  24. Abdelhamid, N., Ayesh, A., Thabtah, F.: Phishing detection based associative classification data mining. Expert Syst. Appl. 41(13), 5948–5959 (2014)

    Article  Google Scholar 

  25. Rami, M., Thabtah, F.A., McCluskey, T.: Intelligent rule based phishing websites classification. IET Inf. Secur. 8(3), 153–160 (2014)

    Article  Google Scholar 

  26. Agrawal, R., Ramakrishnan, S.: Fast algorithms for mining association rules in large database. In: Proceedings of the 20th International Conference on Very Large Data Bases (VLDB), Santiago, Chile, pp. 487–499 (1994)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computing, Engineering and Information Sciences, University of Northumbria, Newcastle upon Tyne, NE1, UK

    Phoebe Barraclough & Graham Sexton

Authors
  1. Phoebe Barraclough
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Graham Sexton
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Phoebe Barraclough .

Editor information

Editors and Affiliations

  1. GSM London Meridian House, London, United Kingdom

    Hamid Jahankhani

  2. SC Strategy Limited, London, United Kingdom

    Alex Carlile

  3. Kaspersky Lab, London, United Kingdom

    David Emm

  4. Leeds Beckett University, Leeds, United Kingdom

    Amin Hosseinian-Far

  5. Northumbria University, London, United Kingdom

    Guy Brown

  6. Northumbria University, Newcastle upon Tyne, United Kingdom

    Graham Sexton

  7. QAHE with Northumbria University, London, United Kingdom

    Arshad Jamal

Appendix

Appendix

Phishing Email Imitation

The email in Fig. 3 is an example of a phishing email that imitate Barclays bank legitimate email. It looks a genuine email with a link to illegitimate website. It also Copied contents of a legitimate website such as logos, text, images to make it look authentic, but in reality it is not legitimate.

Fig. 3.
figure 3

Copy of a phishing email imitating legitimate Barclays bank email

Full size image

Phishing Website Copy

The website in Fig. 4 is a phishing website that mimic Barclays bank legitimate website. It carries a forms to collect users bank detail in which this form is similar to that in the legitimate website, but in real it is not a legitimate form.

Fig. 4.
figure 4

Phishing website imitating legitimate Barclays bank website.

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Barraclough, P., Sexton, G. (2016). Phishing-Deception Data Model for Online Detection and Human Protection. In: Jahankhani, H., et al. Global Security, Safety and Sustainability - The Security Challenges of the Connected World. ICGS3 2017. Communications in Computer and Information Science, vol 630. Springer, Cham. https://doi.org/10.1007/978-3-319-51064-4_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-51064-4_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51063-7

  • Online ISBN: 978-3-319-51064-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation