http://www.iaeme.com/IJCIET/index.asp

International Journal of Civil Engineering and Technology (IJCIET)
Volume 8, Issue 9, September 2017, pp. 1200–1208, Article ID: IJCIET_08_09_135
Available online at http://www.iaeme.com/ijciet/issues.asp?JType=IJCIET&VType=8&IType=9
ISSN Print: 0976-6308 and ISSN Online: 0976-6316
© IAEME Publication, Scopus Indexed

PREVENTING FROM PHISHING ATTACK BY IMPLEMENTING URL PATTERN MATCHING TECHNIQUE IN WEB

U. Rahamathunnisa
A.P (Sr), SITE, VIT University, Vellore

N. Manikandan
A.P (SG), SITE, VIT University, Vellore

U. Senthil Kumaran
Associate Professor, VIT University, Vellore

C. Niveditha
Student, MCA, VIT University, Vellore

ABSTRACT

Phishing is an attempt to obtain personal information such as usernames, passwords and bank transaction details in order to hack personal accounts, by hiding the original sites in a web browser. The existing detection process uses a content-based processing method to find phishing attacks. This approach finds web spoofing by checking the matches between the original and spoofed websites. Original sites often change their websites for marketing purposes, so the patterns of the original websites need to be updated frequently, which is not feasible. We propose a scheme which detects phishing attacks by matching the user-requested URLs against a database of blacklist and whitelist. The blacklist holds the attack URL patterns and the whitelist holds the original URL patterns. We also create a user-interaction-based process to get approval of vulnerable URLs and create a direct block list to detect phishing attacks.

Keywords: Phishing attack, Hacking, URL Matching, Blacklist

Cite this Article: U. Rahamathunnisa, N. Manikandan, U. Senthil Kumaran and C. Niveditha, Preventing from Phishing Attack by implementing URL Pattern Matching Technique in Web, International Journal of Civil Engineering and Technology, 8(9), 2017, pp. 1200–1208.
http://www.iaeme.com/IJCIET/issues.asp?JType=IJCIET&VType=8&IType=9



1. INTRODUCTION

Attackers provide copies of websites that resemble the original websites in order to get the personal information of users without their knowledge. The hackers create fake websites which resemble the original websites, and the attackers can then view, update or change any information in the personal accounts. This paper proposes the identification of phishing websites by matching the uniform resource locators (URLs) of webpages. The proposed solution can find the difference between genuine and virtually identical web pages by matching the URLs of suspicious webpages. The URLs are examined on the basis of certain features to detect phishing websites. After an attack is discovered, it is recorded for avoidance. The results show that the technique is able to find different types of phishing attacks. A phishing attack can be any one of the following:

1. A phishing attack is a procedure for obtaining client data.
2. Phishing attacks may appear in many forms of communication, for example messaging, SMS, VoIP and fraudulent e-mails.
3. Users regularly have numerous accounts on different sites, including social networks and e-mail.
4. Obtaining client data and credentials may give full access to their accounts, and the hackers can do anything they want.

Phishing attacks normally aim to hack users' credentials by making them believe that the fake sites are the original websites. In [1], anomalies are captured and phishing attacks are detected. Phishing is a serious problem in which personal data is extracted, including through fake e-mails and websites. In [2], phishing is detected using the TF-IDF algorithm. This algorithm counts the number of times a particular word appears in the document. It also measures the importance of a particular term in the whole document.

A heuristic-based approach to identifying phishing attacks is given in [3], where the result is displayed as -1 if a phishing attack is detected and as 1 if no phishing attack is detected. [4] analyzed a case study on phishing attacks over web servers and content management systems. [5] discusses the need for open source software for security purposes. An anti-phishing algorithm is proposed in [6], where hyperlink characteristics are used to identify the attack. This algorithm distinguishes the actual link from the visual link and looks for a match with known websites. [7] proposed a method for phishing attack detection and prevention. In this method, hyperlink features are used to detect the attack and a digital signature method is adopted to prevent it. Anti-phishing schemes for mobile phones are discussed in [8].

2. PROPOSED WORK

We detect phishing attacks by matching the user's URL request against a database of blacklist and whitelist. The blacklist holds the attack URL patterns and the whitelist holds the genuine URL patterns. We use a pattern-based matching process to find the attacker URL. Our process runs at the backend of the browser and validates each and every request made by the users.

2.1 SYSTEM ARCHITECTURE

Figure 1 depicts the system architecture for phishing attack detection. The user searches for the website they need with the help of the browser, and the browser sends the user-requested content to the request manager. The request manager searches for the specified content on the internet, and the result is sent back to the request manager. The request manager then sends the HTML content to the HTML parser to detect phishing sites. The HTML parser filters all the anchor tags from the HTML content and sends them to the URL validator. The URL validator concurrently checks each URL against the whitelist and blacklist URL database, that is, whether the URL is present in the blacklist or not. If it is present, the corresponding notification is sent to the browser for the user to view, so that the user can be aware of the phishing sites.

Figure 1 System Architecture Diagram

The descriptions of the methodology used in the proposed system are given below.

The HTML processor module is used by the system to validate each website's content to find vulnerable URLs. When a request is made to a website, the server sends the HTML content to the browser. The system checks all anchor tags <a> to fetch the link source which directs users to external websites. Our system considers it a vulnerable URL and forwards the request details to the next process. After finding the suspicious URLs in the website, our system uses the URL Validator module to analyse the URL. If any threat is found, the system notifies the users with a warning symbol indicating the URL. The URL Validator uses a set of URL patterns extracted from the blacklist and whitelist to find phishing websites.

Each pattern in the blacklist and whitelist is matched against the currently requested URL. If any pattern matches the current URL, the requested URL is considered a phishing website URL. The request handler is responsible for initiating the detection process to find the phishing website. If the URL is detected as vulnerable after applying the URL validation process, the URL is considered a phishing URL and is added to the blacklist. Otherwise, users are prompted to take a decision on the URL. The whitelist contains URLs which are not suspicious. We use a feedback-based detection scheme to find phishing URLs, which improves the efficiency of the detection process.
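The parser, validator and feedback steps described above can be sketched as follows. This is an added example, not the authors' implementation; the glob patterns matched against the parsed host name, the blacklist-first precedence, the verdict names and the sample hosts are all assumptions.

```python
from fnmatch import fnmatch
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class AnchorExtractor(HTMLParser):
    """HTML parser step: collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def host_of(url):
    # hostname drops userinfo/port: "http://bank.example@login.test/" -> "login.test"
    return (urlsplit(url).hostname or "").rstrip(".")

def validate(url, page_url, blacklist, whitelist):
    """URL validator step: classify one link by its host."""
    host = host_of(url)
    if host == host_of(page_url):
        return "internal"
    if any(fnmatch(host, p) for p in blacklist):  # blacklist first (assumption)
        return "phishing"
    if any(fnmatch(host, p) for p in whitelist):
        return "trusted"
    return "ask_user"  # unknown external link: prompt the user

def scan_page(html, page_url, blacklist, whitelist):
    parser = AnchorExtractor()
    parser.feed(html)
    urls = [urljoin(page_url, h) for h in parser.hrefs]
    return {u: validate(u, page_url, blacklist, whitelist) for u in urls}

def record_feedback(url, is_phishing, blacklist, whitelist):
    # Feedback step: the user's decision extends the matching list.
    (blacklist if is_phishing else whitelist).append(host_of(url))
# Constructed sample data, not taken from the paper.
BLACKLIST = ["login.test", "*.login.test"]
WHITELIST = ["bank.example", "*.bank.example"]
PAGE_URL = "http://portal.example/home"
PAGE = """<a href="/about">About</a>
<a href="https://www.bank.example/signin">Bank</a>
<a href="http://bank.example@login.test/verify">Verify</a>
<a href="http://news.invalid/story">News</a>"""

if __name__ == "__main__":
    print(scan_page(PAGE, PAGE_URL, BLACKLIST, WHITELIST))
```

Matching on the parsed host rather than on a substring of the whole URL keeps a whitelisted name that appears in the userinfo or path from producing a "trusted" verdict.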


3. RESULTS AND DISCUSSION

STEP 1:-

If a user wants to access websites or personal accounts safely through any web browser, they can use this anti-phishing login form. If you have not yet registered, register using the registration form.

SIGN UP PAGE

STEP 2:-

After a successful login you can access the websites you need.

STEP 3:-

After entering a website, if you want to check whether there are any external links in the web page, you can use the DETECT button in the form, because phishing websites always come under external links.

Internal links are identified by

External links are identified by


STEP 4:-

If we want to see all the URLs of the web page we can use the URL button, and we can check the authority domain name and sub-domain name of a particular URL.

STEP 5:-

If the user notices any phishing website, it can be added to the blacklist database.


STEP 6:-

We can also view the URLs in the blacklist database by clicking the view blacklist button.

STEP 7:-

We can also view the whitelist table from the database.

STEP 8:-

Phishing sites detection steps.

Phishing sites are detected by cross mark -


STEP 9:-

Detection of phishing attack in E-mail


STEP 10:-

Phishing link from the mail is detected.

4. CONCLUSION

The content-based approaches of existing systems are not effective because attackers' phishing sites are not similar to the original websites. So we detect phishing attacks by matching the user's URL request against a blacklist database, which proved to be effective. We also checked whether the user is requesting the URL directly or whether it is a redirect from another website. We also process the URL of the redirecting site and the current website URL.


REFERENCES

[1] Ying Pan and Xuhua Ding, Anomaly Based Web Phishing Page Detection, IEEE Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006.

[2] Yue Zhang, Jason Hong and Lorrie Cranor, CANTINA: A Content-Based Approach to Detecting Phishing Web Sites, Proceedings of the 16th international conference on World Wide Web, May 2007.

[3] Chou, N., R. Ledesma, Y. Teraguchi, D. Boneh, and J. C. Mitchell. Client-Side Defense against Web-Based Identity Theft. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS '04). http://crypto.stanford.edu/SpoofGuard/webspoof.pdf

[4] Marie Vasek, John Wadleigh, and Tyler Moore, Hacking Is Not Random: A Case-Control Study of Webserver-Compromise Risk, IEEE Transactions on Dependable and Secure Computing, Vol. 13, No. 2, 2016.

[5] J.H. Hoepman and B. Jacobs, Increased security through open source, Communications of the ACM, Vol. 50, No. 1, 2007, pp. 79–83.

[6] Chen, J., Guo, C.: Online Detection and Prevention of Phishing Attacks. In: IEEE Communications and Networking, China Com 2006, pp. 1–7.

[7] Shamal M. Firake, Pravin Soni and B. B. Meshram, Tool for Prevention and Detection of Phishing E-Mail Attacks, International Conference on Network Security and Applications, 2011, pp. 78–88.

[8] Longfei Wu, Xiaojiang Du and Jie Wu, Effective Defense Schemes for Phishing Attacks on Mobile Computing Platforms, IEEE Transactions on Vehicular Technology, Vol. 65, No. 8, 2016.

[9] N. Chandra Sekhar Reddy, Dr. Purna Chandra Rao, Dr. A. Govardhan, An Efficient Anti Phishing Framework based on Dynamic Captcha. International Journal of Computer Engineering and Technology, 7(6), 2016, pp. 18–29.

[10] Ulka M. Bansode, Prof. Gauri R. Rao, Dr. S. H. Patil, Detection of Phishing E-Commerce Websites Using Visual Cryptography, International Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 5, September – October (2013), pp. 165–171.