Please use this identifier to cite or link to this item:
http://repository.aaup.edu/jspui/handle/123456789/2262
Title: | Phishing analysis and developing anti-phishing techniques (Master's thesis) |
Authors: | Abuhasan, Abdelmunem Ismail Thiab$AAUP$Palestinian |
Keywords: | user name verification, phishing email detection, password based authentication, security |
Issue Date: | 2017 |
Publisher: | AAUP |
Abstract: | Phishing is a kind of internet fraud that employs socially engineered messages to deceive users into disclosing their sensitive information, including their credentials. Phishing attacks start by communicating with a user or a group of users through a professional email message, phone call, SMS, or any other electronic method that gives the user the illusion that it comes from a legitimate source, such as an institution in which the user has an account. This message asks the user to disclose his credentials by submitting them to a fake website that is professionally designed to resemble the institution's original website. This type of electronic attack has been adapting its nature to the countermeasures implemented by website vendors and users, and has become a real threat to financial institutions and electronic commerce sites. The proposed work will focus on fighting phishing attacks using two strategies. The first strategy will focus on preventing phishing attacks by solving the root causes or weak points in current web authentication schemes. In this context, we propose two novel authentication schemes that are immune to phishing attacks. The first one extends the authentication process to a new level that leverages the user’s mobile phone as a second authentication factor: the user confirms every login attempt through a dedicated mobile application. This scheme depends on the ubiquitous nature of modern smartphones and internet connectivity and employs the Google Cloud Messaging service for sending login notifications to the user’s mobile application. The second authentication scheme addresses the weakness of password-based authentication. The proposed scheme replaces password-based authentication with a new authentication strategy that leverages the user’s mobile as an identity prover.
The proposed scheme applies mutual authentication between the user’s mobile and the website using digital signatures and a symmetric shared key. When the user initiates a login request, the server responds with an encrypted login token encapsulated in a QR code; the code is processed by the user’s mobile application, which presents the user identity to the server. The second proposed strategy in fighting phishing attacks focuses on mitigating phishing attacks by applying a smart phishing email classifier at the email system level. The proposed scheme applies the knowledge discovery model, data mining techniques and semantic text processing techniques to build an intelligent classifier that is able to classify phishing content at the early stage of the phishing campaign. The proposed classifier was tested on two accredited data sets composed of more than 10000 phishing and legitimate emails; it achieved an incredible positive classification rate of 99.1 % using the random forest algorithm. |
Description: | Master's degree in Computer Science |
URI: | http://repository.aaup.edu/jspui/handle/123456789/2262 |
Appears in Collections: | Master Theses and Ph.D. Dissertations |
Files in This Item:
File | Description | Size | Format |
---|---|---|---|
عبد المنعم ابو الحسن.pdf | | 10.34 MB | Adobe PDF |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.