Efficient and fast server based phishing detection system using url lexical analysis
Abstract
Phishing attack detection is a significant research area for network security applications. Legitimate websites are typically prone to phishing attacks. Phishing poses an ongoing challenge and continues to be a threat via numerous vectors such as search engines, fake websites, emails and instant messages. It has evolved its deceptions to remain one step ahead of the latest countermeasures. It exploits the weaknesses of users, which makes solving this problem especially complex. A phishing classifier uses extracted features to detect phishing websites, and it depends on either the website's content, the Uniform Resource Locator (URL) or both. URL feature extraction comprises host and lexical information. In this thesis, feature extraction is based on the lexical features only, in order to reduce the processing overhead due to host information feature extraction. These features are utilized by a classifier to detect the phishing website. Most phishing attack detection strategies have served client-side detection mechanisms. In this thesis, a new server-side phishing attack detection technique is proposed to achieve a fast, robust and accurate system by using lexical features alone. The first part of the thesis presents analysis and development of the existing lexical features of URLs, including the tokenization and n-gram mechanisms, which extract and analyze the token and n-gram distributions of legitimate and phishing datasets, followed by the implementation of a Token based Classifier (TCL) and an N-gram based Classifier (NGCL). TCL and NGCL segment URLs into tokens and n-grams respectively and employ their distributions for the classification process. The first part of the thesis also proposes a Language Model based Classifier (LMCL), which builds a model for each of the phishing and legitimate classes, classifies URLs according to the highest probability, and is compared with the TCL and NGCL classifiers.
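The language-model classification described above, as an added example that is not the thesis's implementation: one character n-gram model is built per class and a URL is assigned to the class whose model gives it the higher probability. The trigram order, add-one smoothing, equal class priors, the names `NgramLM` and `classify`, and the sample URLs are all assumptions of this example.

```python
import math
from collections import Counter

# Constructed training URLs (reserved example/test names and a documentation IP).
LEGIT = [
    "https://www.example.com/products/index.html",
    "https://www.example.org/about/contact",
    "https://docs.example.com/guide/getting-started",
    "https://www.example.net/news/2020/archive",
]
PHISH = [
    "http://secure-login.example.test/verify/account.php",
    "http://account-update.example.test/login/confirm.php",
    "http://192.0.2.10/secure/signin/verify.php",
    "http://login-verify.example.test/webscr/update.php",
]

def ngrams(url, n=3):
    """Character n-grams of the lowercased URL, padded so both ends are modelled."""
    s = "^" * (n - 1) + url.lower() + "$"
    return [s[i:i + n] for i in range(len(s) - n + 1)]

class NgramLM:
    """Per-class character n-gram model: P(char | previous n-1 chars)."""
    def __init__(self, urls, n=3):
        self.n, self.grams, self.contexts = n, Counter(), Counter()
        for u in urls:
            for g in ngrams(u, n):
                self.grams[g] += 1
                self.contexts[g[:-1]] += 1
        self.vocab = {g[-1] for g in self.grams}

    def log_prob(self, url, vocab_size):
        # Add-one smoothing keeps unseen n-grams from zeroing the whole URL.
        return sum(math.log((self.grams[g] + 1) / (self.contexts[g[:-1]] + vocab_size))
                   for g in ngrams(url, self.n))

def classify(url, legit_lm, phish_lm):
    """Return (label, scores); equal class priors are assumed, so priors cancel."""
    v = len(legit_lm.vocab | phish_lm.vocab) + 1  # +1 slot for never-seen characters
    scores = {"legitimate": legit_lm.log_prob(url, v),
              "phishing": phish_lm.log_prob(url, v)}
    return max(scores, key=scores.get), scores

if __name__ == "__main__":
    legit_lm, phish_lm = NgramLM(LEGIT), NgramLM(PHISH)
    for u in ("http://update-account.example.test/secure/login.php",
              "https://www.example.com/about/index.html"):
        print(classify(u, legit_lm, phish_lm)[0], u)
```

Because only the URL string is scored, no DNS or WHOIS lookup is needed, which is the overhead the abstract's lexical-only approach avoids.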