1. Digital Library of University of Colombo School of Computing
  2. Thesis & Dissertations
  3. Postgraduate Thesis Collection
  4. Master’s Degree Programmes
  5. Master of Information Security (MIS)
  6. Archival Collections of Thesis - Masters of Infomation Security
  7. Master of Science in Information Security - 2016
Please use this identifier to cite or link to this item: https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/3710
Title: A Machine Learning Based Approach for Phishing Detection On Smart Phones
Authors: Senavirathne, W.M.N.
Issue Date: 14-Sep-2016
Abstract: Phishing is one of the most common social engineering attacks which have now spread in to the realm of Internet connected mobile devices. Mobile devices are prone to phishing attacks comparing to a typical PC due to the limitations of the device, un awareness of the users and the complexity of connectivity. The solutions proposed in the phishing detection domain are basically using URL black lists or feature based machine learning techniques.When evaluating the above methods the URL black listing fail in terms of detecting new phishing sites. And the feature-based analysis undergoes the insufficiency of effective features and the high false positive rate.Therefore this research proposes a layered, comprehensive feature-based anti-phishing solution for mobile devices. The main challenge was to balance between the accuracy and the run time performance, which is an extremely important fact to mobile device users. The research aims at high classification accuracy, high run time performance and a lower false positive rate.The solution uses 15, URL,web and HTML based features for the analysis. Most of them are lexical features on the URL that are easy to process and very effective in distinguishing a phish from a benign URL. Existence of URL shortening is used as a novel feature introduced with the research. Moreover, we designed a URL white list filter to help runtime speedup.We comprehensively evaluated the anti-phishing solution in two phases. In the training phase we achieved accuracy more than 97% with a false positive rate of 0.024%. In the testing phase the accuracy was 93.40% with a false positive rate of 0.07%. The average time taken for classi-fication is about 1.76265 micro seconds.To complete the total transaction of detecting the status of a URL and reporting back to the mobile application it takes less than 5 seconds. With the above true positive and false positive rates along with the high run time speed the solution has demonstrated to be a competitive anti-phishing solution for mobile devices.
URI: http://hdl.handle.net/123456789/3710
Appears in Collections:Master of Science in Information Security - 2016

Files in This Item:
File Description SizeFormat 
2012MIS018.pdf
  Restricted Access		606.9 kBAdobe PDFView/Open Request a copy
Show full item record


Items in UCSC Digital Library are protected by copyright, with all rights reserved, unless otherwise indicated.