Design and Implementation of an Anti-phishing System Using Machine Learning

Chapter One

AIMS AND OBJECTIVES OF THE STUDY

The aims and objectives of this system include:

  • Developing a phishing detection system.
  • Creating a reporting platform for other users of the platform to report fake websites in order to build the knowledge base.
  • Studying previous work on the proposed topic and looking for ways to improve them.
  • Optimizing the system.
  • Implementing security standards with the system.
  • Creating a system which can also give suggestions to guest users.

CHAPTER TWO

REVIEW OF LITERATURE

This chapter examines in detail the history and developments made in the ICT sector through cyber security systems, previous research work on the subject of phishing, the laws made against phishing, and examples of high-profile lawsuits. We also examine the characteristics, models, architectures and limitations pointed out by various scholars and researchers. This will provide the groundwork for figuring out an efficient way to implement a phishing detection system.

OVERVIEW OF PHISHING

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card numbers, or other sensitive details, by impersonating a trustworthy entity in a digital communication (Zulfikar, 2010). Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. As of 2020, phishing is by far the most common attack performed by cyber-criminals, with the FBI’s Internet Crime Complaint Centre recording over twice as many incidents of phishing as any other type of computer crime.

The first recorded use of the term “phishing” was in the cracking toolkit AOHell, created by Koceilah Rekouche in 1995 (Wright et al., 2016); however, it is possible that the term was used before this in a print edition of the hacker magazine 2600 (Gunter, 2006). The word is a leetspeak variant of fishing (ph is a common replacement for f), probably influenced by phreaking, and alludes to the use of increasingly sophisticated lures to “fish” for users’ sensitive information.

Attempts to prevent or mitigate the impact of phishing incidents include legislation, user training, public awareness, and technical security measures (Josang et al., 2007).

The types of phishing include:

  1. E-mail phishing
  2. Spear phishing
  3. Whaling and CEO fraud
  4. Clone phishing
  5. Voice phishing
  6. SMS phishing

ANTI-PHISHING SYSTEMS

Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites, e-mail, or other forms used to access data (usually from the internet) and block the content, usually with a warning to the user (and often an option to view the content regardless). It is often integrated with web browsers and email clients as a toolbar that displays the important name for the website the viewer is visiting, in an effort to prevent fraudulent websites from masquerading as other legitimate websites.

Most popular web browsers come with built-in anti-phishing and anti-malware protection services, but almost none of the alternate web browsers have such protections (Aleksandersen, 2006).

Password managers can also be used to help defend against phishing, as can some mutual authentication techniques.

An independent study conducted by Carnegie Mellon University CyLab, titled “Phinding Phish: An Evaluation of Anti-Phishing Toolbars” and released November 13, 2006, tested the ability of ten anti-phishing solutions to block or warn about known phishing sites and not block or warn about legitimate sites (not exhibit false positives), as well as the usability of each solution. Of the solutions tested, Netcraft Toolbar, EarthLink ScamBlocker and SpoofGuard were able to correctly identify over 75% of the sites tested, with Netcraft Toolbar receiving the highest score without incorrectly identifying legitimate sites as phishing. Severe problems were, however, discovered using SpoofGuard: it incorrectly identified 38% of the tested legitimate sites as phishing, resulting in the conclusion that “such inaccuracies might nullify the benefits SpoofGuard offers in identifying phishing sites.” Google Safe Browsing (which has since been built into Firefox) and Internet Explorer both performed well, but when testing the ability to detect fresh phishes Netcraft Toolbar scored as high as 96%, while Google Safe Browsing scored as low as 0%, possibly due to technical problems with Google Safe Browsing. The testing was performed using phishing data obtained from the Anti-Phishing Working Group, PhishTank, and an unnamed email filtering vendor.

 

CHAPTER THREE

METHODOLOGY

This chapter reviews how the existing system works as well as how to produce a better alternative for its improvement. The relationship among actors, entities, platform and information flows within the organization is very important. In a nutshell, system investigation and analysis studies an existing system with the view of improving on it or developing an entirely new system to replace the existing one. The major task here is to design a new system, using tested and trusted development methods, that is as efficient as, and probably more efficient than, the existing one. The software development model is the Waterfall model.

FACTS FINDING

Fact finding is an approach taken to acquire data about a specific subject with the aim of analyzing and synthesizing the analyzed data to come up with a better system. Fact finding for this study was done by examining related publications, research work, journals and books.

ANALYSIS OF THE EXISTING SYSTEM(S)

In this section, a thorough study and analysis of the gathered data and facts on the existing system was done.

The typical process of an ordering system generally follows the processes of:

  • Registration
  • Log In
  • URL input into the search tool
  • Reporting known fake sites
  • Exit

SYSTEM DESIGN

The system, as extensively described in previous chapters, seeks to use a standard software development model, which in this case is the Waterfall model, to create a standardized anti-phishing system. To achieve this goal, we:

  • Ensure that user details are kept secure.
  • Ensure proper maintenance in terms of update of the knowledge base.
  • Ensure only admins are granted admin privilege access to affect the database tables.

CHAPTER FOUR

IMPLEMENTATION AND RESULTS

INTRODUCTION

This chapter discusses the deployment and testing of the phishing detection system after the design and development. The Hardware and Software Requirements as well as Development tools are identified in this chapter.

PROGRAMMING LANGUAGE SELECTION

The programming languages used in this project include PHP, CSS, HTML and JavaScript. PHP was chosen as the server scripting language due to its reputation as a secure framework. It also has ease of use as all its functions are executed on the server. PHP was also considered based on its friendliness with databases. It is database driven.

 

CHAPTER FIVE

SUMMARY, CONCLUSION AND RECOMMENDATION

SUMMARY

A phishing detection system was developed in this project. The system was able to register users, store their information and enable login to make verifications of websites on the platform.

This project also explored the potential fraud prevention aspects of an ideal anti-phishing system in order to provide a reliable mode of transaction on the internet. This then emphasizes the need for a robust and well maintained online phishing detection system and increases the level of trust amongst users of the internet.

CONCLUSION

In conclusion, the anti-phishing system provides a way to have a good internet use experience effectively, and reduces the cost, slow nature and labour of the traditional methods. We have also been able to increase the level of trust among internet users.

RECOMMENDATION

For future work, improvements can be made in terms of user identification and verification. Data security, data retrieval, and fraud detection and reporting should be vital considerations in the development of any further web-based machine learning systems.

REFERENCES

  • Ramzan, Zulfikar (2010). “Phishing attacks and countermeasures”. In Stamp, Mark; Stavroulakis, Peter (eds.). Handbook of Information and Communication Security. Springer. ISBN 978-3-642-04117-4.
  • Van der Merwe, A J, Loock, M, Dabrowski, M. (2005), Characteristics and Responsibilities involved in a Phishing Attack, Winter International Symposium on Information and Communication Technologies, Cape Town, January 2005.
  • “Landing another blow against email phishing (Google Online Security Blog)”. (2012).
  • Dudley, Tonia (2019). “Stop That Phish”. Archived from the original on 21 March 2021.
  • “What is Phishing?”. (2016). Archived from the original on 16 October 2016.
  • “Internet Crime Report (2020)” (PDF). FBI Internet Crime Complaint Centre. U.S. Federal Bureau of Investigation. Retrieved 21 March 2021.
  • Wright, A; Aaron, S; Bates, DW (2016). “The Big Phish: Cyberattacks Against U.S. Healthcare Systems”. Journal of General Internal Medicine 31 (10):