Phishing and Spoofing Websites: Detection and Countermeasures

Citation

Lai, Wee Liem and Goh, Vik Tor and Yap, Timothy Tzen Vun and Ng, Hu (2023) Phishing and Spoofing Websites: Detection and Countermeasures. International Journal on Advanced Science, Engineering and Information Technology (IJASEIT), 13 (5). pp. 1672-1678. ISSN 2088-5334

Full text not available from this repository.

Abstract

Website phishing and spoofing occur when unsuspecting users are tricked into interacting with a fraudulent website designed to impersonate a legitimate one. This is done with the intention of stealing login credentials or other personal information. The goal of this project is to develop a multi-layered URL-based malicious website detection system to counter such attacks. The proposed system employs several defence mechanisms, including whitelist filtering, API requests to domain blacklist providers, and string comparison algorithms, to accurately identify and classify websites as either legitimate or malicious. In brief, the first layer provides an initial check by matching the domain of the intended website with a predefined whitelist, while the second layer queries APIVoid (a domain blacklist provider) to conduct additional checks for domain age and reputation. Finally, to prevent typographical errors that could unintentionally redirect users to a malicious website, the last layer compares the domain of the intended website with entries in the whitelist to identify any significant similarities using the Levenshtein distance algorithm. To evaluate the system's performance, a comprehensive testing phase was conducted on a dataset containing 30 randomly selected websites, encompassing various scenarios of malicious and legitimate websites. The results show a high true positive rate of 0.94 and an overall accuracy of 0.93, indicating the system's ability to accurately classify legitimate and malicious websites. The proposed system shows promising results in accurately classifying websites and enhancing user awareness to prevent phishing and spoofing attacks.

Item Type: Article
Uncontrolled Keywords: Phishing attacks; domain name spoofing; user alert system; multilayer malicious website detection model
Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines
Divisions: Faculty of Computing and Informatics (FCI)
Depositing User: Ms Nurul Iqtiani Ahmad
Date Deposited: 07 Dec 2023 02:07
Last Modified: 07 Dec 2023 02:07
URII: http://shdl.mmu.edu.my/id/eprint/11925

Downloads

Downloads per month over past year

View ItemEdit (login required)