Development of anti-phishing browser based on random forest and rule of extraction framework  

作　　者：Mohith Gowda HR Adithya MV Gunesh Prasad S Vinay S 

机构地区：[1]B.E in Computer Science and Engineering,PES College of Engineering,4011,Vasuda Krupa,3rd Cross,Shankar Nagar,Mandya,Karnataka 571401,India [2]B.E in Computer Science and Engineering,PES College of Engineering,1932,1st Main Road,Halahalli Ext,Near Vinayaka Auto Stand,Mandya,Karnataka 571401,India [3]B.E in Computer Science and Engineering,PES College of Engineering,20/19,5th cross,Shakthi Nagar,Near Shakthi Nagar Park,Mysore,Karnataka 570019,India [4]Information Science and Engineering,PES College of Engineering,PES Engineering College Rd,PES College Campus,Mandya,Karnataka 571401,India.

出　　处：《Cybersecurity》2020年第1期267-280,共14页网络空间安全科学与技术（英文）

摘　　要：Phishing is a technique under Social Engineering attacks which is most widely used to get user sensitive information,such as login credentials and credit and debit card information,etc.It is carried out by a person masquerading as an authentic individual.To protect web users from these attacks,various anti-phishing techniques are developed,but they fail to protect the user from these attacks in various ways.In this paper,we propose a novel technique to identify phishing websites effortlessly on the client side by proposing a novel browser architecture.In this system,we use the rule of extraction framework to extract the properties or features of a website using the URL only.This list consists of 30 different properties of a URL,which will later be used by the Random Forest Classification machine learning model to detect the authenticity of the website.A dataset consisting of 11,055 tuples is used to train the model.These processes are carried out on the client-side with the help of a redesigned browser architecture.Today Researches have come up with machine learning frameworks to detect phishing sites,but they are not in a state to be used by individuals having no technical knowledge.To make sure that these tools are accessible to every individual,we have improvised and introduced detection methods into the browser architecture named as‘Embedded Phishing Detection Browser’(EPDB),which is a novel method to preserve the existing user experience while improving the security.The newly designed browser architecture introduces a special segment to perform phishing detection operations in real-time.We have prototyped this technique to ensure maximum security,better accuracy of 99.36%in the identification of phishing websites in realtime.

关 键 词：Phishing attack Machine learning Intelligent browser engine Rule of extraction algorithm Browser architecture 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]