Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
TECHNIQUES
*1
Ms. Vedhanayagi M., *2 Mr.Varadarajan T., M.C.A., M.Phil.,
*1
M.Phil Research Scholar, PG and Research Department of Computer Science, Government Thirumagal Mills
College, Gudiyattam, Tamilnadu, India.
*2
Assistant Professor & Head of Department, PG and Research Department of Computer Science, Government
Thirumagal Mills College, Gudiyattam, Tamilnadu, India
---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract: Detection (APTIPWD) and shows that it can be easily
implemented.
Recently, the Internet has become a very important
Thirdly, the effectiveness of the New Approach
medium of communication. Many people go online and
(APTIPWD) is evaluated using a set of user experiments
conduct a wide range of business. They can sell and buy
showing that it is more effective in helping users
goods, perform different banking activities and even
distinguish between legitimate and Web Content Mining
participate in political and social elections by casting a
websites than the Old Approach of sending
vote online. The parties involved in any transaction
Classification of -Web Content Mining tips by email.
never need to meet and a buyer can sometimes be
The experiments also address the issues of the effects of
dealing with a fraudulent business that does not actually
technical ability and Web Content Mining knowledge
exist. So, security for conducting businesses online is
Classification Content Mining websites' detection. The
vital and critical. All security-critical applications (e.g.
results of the investigation show that technical ability
online banking login pages) that are accessed using the
has no effect whereas Web Content Mining knowledge
Internet are at the risk of fraud. A common risk comes
has a positive effect on Web Content Mining website
from so-called Phishing websites, which have become a
detection. Thus, there is need to ensure that, regardless
problem for online banking and e-commerce users. Web
their technical ability level (expert or non-expert), the
Content Mining websites attempt to trick people into
participants do not know about Web Content Mining
revealing their sensitive personal and security
before they evaluate the effectiveness of a new
information in order for the fraudster to access their
Classification of -Web Content Mining approach. This
accounts. They use websites that look similar to those of
thesis then evaluates the Classification of -Web Content
legitimate organizations and exploit the end-user's lack
Mining knowledge retention of the New Approach users
of knowledge of web browser clues and security
and compares it with the knowledge retention of users
indicators.
who are sent Classification of -Web Content Mining tips
This thesis addresses the effectiveness of Web by email.
Content Mining & Classification website detection. It
reviews existing Classification of Web Content Mining INTRODUCTION:
approaches and then makes the following contributions.
First of all, the research in this thesis evaluates the E-banking Phishing websites are forged websites that
effectiveness of the current most common users' tips for are created by malicious people to mimic real e-banking
detecting Web Content Mining websites. A novel websites. Most of these kinds of Web pages have high
effectiveness criterion is proposed and used to examine visual similarities to scam their victims. Some of these
every tip and rank it based on its effectiveness score, Web pages look exactly like the real ones. Unwary
thus revealing the most effective tips to enable users to Internet users may be easily deceived by this kind of
detect Web Content Mining attacks. The most effective scam. Victims of e-banking phishing Websites may
tips can then be used by Classification of -Web Content expose their bank account, password, credit card
Classification and training approaches. number, or other important information to the phishing
Secondly, this thesis proposes a novel Classification Web page owners. The impact is the breach of
of Web Content Mining Approach that uses Training information security through the compromise of
Intervention for Web Content Mining Websites' confidential data and the
victims may finally suffer losses of money or other A fourth approach is two-factor authentication, which
kinds. Phishing is a relatively new Internet crime in ensures that the user not only knows a secret but also
comparison with other forms, e.g., virus and hacking. presents a security token [6]. However, this approach is
More and more phishing Web pages have been found in a server-side solution. Phishing can still happen at sites
recent years in an accelerative way [7]. The word that do not support two-factor authentication. Sensitive
phishing from the phrase “website phishing” is a information that is not related to a specific site, e.g.,
variation on the word “fishing.” The idea is that bait is credit card information and SSN (Social Security
thrown out with the hopes that a user will grab it and Number),cannot be protected by this approach either
bite into it just like the fish. In most cases, bait is either [22].
an e-mail or an instant messaging site, which will take
the user to hostile phishing websites [10]. Many industrial anti phishing products use toolbars in
Web browsers, but some researchers have shown that
E-banking Phishing website is a very complex issue to security tool bars don’t effectively prevent phishing
understand and to analyze, since it is joining technical attacks. [4], [5] proposed a scheme that utilizes a
and social problem with each other for which there is no cryptographic identity-verification method that lets
known single silver bullet to entirely solve it. The remote Web servers prove their identities. However, this
motivation behind this study is to create a resilient and proposal requires changes to the entire Web
effective method that uses Fuzzy Data Mining infrastructure (both servers and clients), so it can
algorithms and tools to detect e-banking phishing succeed only if the entire industry supports it.
websites in an automated manner. DM approaches such
as neural networks, rule induction, and decision trees B. Main Characteristics Of E-Banking Phishing
can be a useful addition to the fuzzy logic model. It can Websites.
deliver answers to business questions that traditionally
were too time consuming to resolve such as, "Which are Evolving with the anti phishing techniques, various
most important e-banking Phishing website phishing techniques and more complicated and hard-to-
Characteristic Indicators and why?" by analyzing detect methods are used by phishers. The most
massive databases and historical data for training straightforward way for a phisher to defraud people is to
purposes. make the phishing Web pages similar to their targets.
Actually, there are many characteristics and factors that
A.LITERATURE REVIEW can distinguish the original legitimate website from the
forged e-banking phishing website like Spelling errors,
Phishing website is a recent problem, nevertheless due Long URL address and Abnormal DNS record.
to its huge impact on the financial and on-line retailing
sectors and since preventing such attacks is animportant C. Why Using Fuzzy Logic And Data Mining?
step towards defendingagainst e bankingphishing
website attacks,there are several promisingdefending FL has been used for decades in the engineering
approaches to this problem reported earlier. sciences to embed expert input into computer models for
a broad range of applications. It offers a promising
In this section, we briefly survey existing anti-phishing alternative for measuring operational risks [18]. The FL
solutions and list of the related works. One approach is approach provides more information to help risk
to stop phishing at the email level [3], since most current managers effectively manage assessing and ranking e-
phishing attacks use broadcast email (spam) to lure banking phishing website risks than the current
victims to a phishing website [21]. Another approach is qualitative approaches as the risks are quantified based
to use security toolbars. The phishing filter in IE7 [19] is on a
a toolbar approach with more features such as blocking combination of historical data and expert input. The
the user’s activity with a detected phishing site. A third advantage of the fuzzy approach is that it enables
approach is to visually differentiate the phishing sites processing of vaguely defined variables, and variable
from the spoofed legitimate sites. Dynamic Security whose relationships cannot be defined by mathematical
Skins [5] proposes to use a randomly generated visual relationships. FL can incorporate expert human
hash to customize the browser window or web form judgment to define those variable and their relationships.
elements to indicate the successfully authenticated sites.
DM is the process of searching through large amounts of
data and picking out relevant information. It has been
described as "the nontrivial extraction of implicit,
previously unknown, and potentially useful information
from large data sets [30], [31]. It is a powerful new
technology with great potential to help researchers focus
on the most important information in their data archive.
In addition, the DNS22 host files in the One of the challenges faced in this research is the
Windows operating system were modified so that web Un availability of complete dataset to be used as a
browsers displayed the URL of the actual Web Content standard for phishing websites features. According to
Mining websites. The web addresses listed were pointed [14], few selected features can be used to differentiate
to the local machine IP address (127.0.0.1) so that any between legitimate and spoofed web pages. These
request to one of the addresses that arrived at the Apache selected features are many such as URLs, domain
HTTP Server was directed to and served by the local identity, security & encryption, source code, page style
server. Thus, the users were not actually at risk since & contents, web address bar and social human factor.
they used local web pages. This study focuses only on URLs and domain name
features. Features of URLs and domain names are
checked using several criteria such as IP Address, long
URL address, adding a prefix or suffix, redirecting using
the symbol “//”, and URLs having the symbol “@”.
CONCLUSION