Phishdentity : Leverage Website Favicon to Offset Phishing Website

Choo, Jeffrey Soon Fatt (2015) Phishdentity : Leverage Website Favicon to Offset Phishing Website. Masters thesis, Universiti Malaysia Sarawak, (UNIMAS).

Phishdentity ; Leverage Website Favicon to Offset Phishing Website (24pgs).pdf

Download (767kB) | Preview
[img] PDF (Please get the password from Digital Collection Development Unit, ext : 3932 / 3914)
Phishdentity ; Leverage Website Favicon to Offset Phishing Website (fulltext).pdf
Restricted to Registered users only

Download (1MB)


Phishing attack is a cybercrime which will result in severe financial losses to consumers and entrepreneurs. Typically, the phishers are fond of using fuzzy techniques during the creation of phishing websites. They obfuscate the victims by mimicking the appearance and content of the legitimate website. In addition, most of the websites are susceptible to the threat of phishing attacks, including financial institutions, social networks, e-commerce, airline websites and others. Phishers can easily earn the trust of the victim by impersonating as a consultant in the travel agency, booking flights and hotel reservations. Therefore, it is important to establish an intelligent gateway for browsers that can protect internet users from visiting malicious websites. In this thesis, we proposed an approach which is based on the website favicon to uncover the hidden identity of a website. We employ Google search by image engine to obtain the search results specific to the website favicon. Then, we perform feature extraction based on the search results to retrieve the website identity. Our identity retrieval technique involves an effective mathematical model in which it could be used to assist in retrieving the right identity from the many entries of the search results. In addition, we also proposed additional approach which is based on the URL to examine the legitimacy of a website. More precisely, we study the URL based on the lexical features, host-based features and domain features. Additional approach is very useful when the website under examination does not have a favicon. We have collected a total of 500 phishing websites from PhishTank and 500 of the legitimate websites from Alexa Top 500 Global Websites to verify the effectiveness of this approach. From the experimental results, our proposed technique has achieved 97.4% true positive with only 5.4% false positive. After combining with additional approach, our proposed technique is able to improve the false positives to 2.2%, while slightly reducing the accuracy of classifying phishing websites where we have achieved 97% true positive.

Item Type: Thesis (Masters)
Additional Information: Thesis (M.Sc.) -- Universiti Malaysia Sarawak, 2015.
Uncontrolled Keywords: Phishing attack, cybercrime, Computer crimes, unimas, university, universiti, Borneo, Malaysia, Sarawak, Kuching, Samarahan, ipta, education, Postgraduate, research, Universiti Malaysia Sarawak
Subjects: T Technology > T Technology (General)
Divisions: Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology
Depositing User: Karen Kornalius
Date Deposited: 03 Mar 2016 04:11
Last Modified: 03 Mar 2016 04:11

Actions (For repository members only: login required)

View Item View Item