Enhanced Model To Detect Phishing Web Sites Based On Fuzzy Logic And Heuristic Approach

Abstract

With the rapid growth of Internet usage and online transactions web attacks also have increased during recent years. Among them phishing attacks are common and the damage is higher. Phishing is the attempt to steal sensitive information like usernames, passwords, credit card numbers etc from users. Most of the time this is done by deceiving the users by making website similar to legitimate sites. Users are unable to identify the difference. Therefore they use their confidential information in these sites. So phishers collect these data and misuses them. According to Anti Phishing Working Group, compared to 2015 there is 65% increase in number of phishing attacks in 2016. Researches have proposed different solutions to this problem. But none of these have been able to solve the issue completely due to the dynamic and complex nature of the problem. Therefore a better solution to fight these phishing attacks is an urgent need nowadays. In this research we proposed and developed an enhanced model to detect phishing websites based on fuzzy logic and heuristic approach. 10 features have been identified which distinguishes a phishing website from a legitimate website depending on the URL of the website. The values for these features are the input to the model. It is a fuzzy model which is capable of deciding whether a given URL is a phishing website or a legitimate website. To decide this, the model uses fuzzy rules, which are derived, based on data mining classification process. The model was developed using Java programming language together with fuzzy control language. The final model was evaluated based on confusion matrix and the model was able to show 82.56 % overall accuracy rate with higher true positive rate. A chrome browser extension was developed and it is able to detect phishing sites in real time. This helps the users to protect their sensitive information from phishers.