Prevention of Phishing Attacks Based on Discriminative Key Point Features of WebPages

Transcription

1 Prevention of Phihing Attack Baed on Dicriminative Key Point Feature of WebPage Mallikka Rajalingam School of Computer Science Univeriti Sain Malayia Pulau Penang,11800, Malayia Saleh Ali Alomari School of Computer Science Univeriti Sain Malayia Pulau Penang,11800, Malayia Putra Sumari School of Computer Science Univeriti Sain Malayia Pulau Penang,11800, Malayia Abtract Phihing i the combination of ocial engineering and technical exploit deigned to convince a victim to provide peronal information, uually for the monetary gain of the attacker (Phiher). Attempt to top phihing by preventing a uer from interacting with a maliciou web ite have hown to be ineffective. In thi paper, preent an effective image-baed anti-phihing cheme baed on dicriminative key point feature in WebPage. We ue an invariant content decriptor, the Contrat Context Hitogram (CCH), to compute the imilarity degree between upiciou page and authentic page. To determine whether two image are imilar, a common approach involve extracting a vector of alient feature from each image, and computing the ditance between the vector, which i taken a the degree of viual difference between the two image. The reult how that the propoed cheme achieve high accuracy and low error rate. Keyword: Image Clutering and Retrieval, Anti-Phihing Mechanim, Digital Image Proceing, Security 1. INTRODUCTION Phihing i alo known a "brand poofing. It i pronounced a fihing. The word ha it origin from two word Paword harveting or fihing for paword. Phihing i a type of deception deigned to teal your valuable peronal data, uch a credit card number, paword, account data, or other information. Phihing i a form of online identity theft aociated with both ocial engineering and technical ubterfuge. Attacker might end million of fraudulent meage that appear to come from Web ite you trut, like your bank or credit card Company, and requet that you provide peronal information [25]. A cam artit become more ophiticated, o do their phihing meage and pop-up window, they often include official-looking logo from real organization and other identifying information taken directly from legitimate Web ite. When uer unwittingly browe phihing page and enter their peronal information like uer name and paword their paword will get tored in the attacker databae and then uer are redirected to original ite directly by way of phiher-controlled proxie. Phihing ha thu become a eriou threat to information ecurity and Internet privacy [16]. To deceive uer into thinking phihing ite are legitimate, fake page are often deigned to look almot the ame a the official one in both layout and content. Phiher might inert an arbitrary advertiement banner that redirect uer to another maliciou Web ite if they click on it. So, phihing attack have become a eriou threat. To reduce phihing attack there i a group called APWG (Anti Phihing Working Group) International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

2 which will have a lit of phihing page. If a uer find that the page he viit i a phihing page then he can report it to the APWG [10]. They will add that page in the lit of phihing page. Firt to find whether the page i a phihing page or real page, we ve developed a color baed image comparion method. Color play a vital role in an image. Even a mall difference can be found by comparing image baed on color. Nowaday, the phihing attack ha become a bigger problem. It reult in tealing One peronal information like Gmail account and bank paword. To avoid phihing attack many method are developed, but none of the method i more efficient enough to olve uch thi kind of problem and till the phihing attack take place. The method that we developed here i purely imagebaed [4]. Snaphot of the requeted page i taken. The page i tored a an image then the next tep i to get the original page naphot which i alo aved a an image. Then elect the ource image a well a the elect the target directory which contain the image to be compared. The image are compared by uing color ratio. The difference i noted and reported to the uer. When the difference i zero then the page i not a phihing page. Thi anti phihing tool i very efficient becaue it compare the phihing and authentic page baed on the viual appearance level, intead of rather than uing text-baed analyi [7]. 1.1 A Growing Problem in Phihing The phih attack volume increaed 33% in April to 36,557 attack, continuing the growth trend from March. Phih attack had been in general decline from Augut 2009 to February 2010, but now look et to return to the eaonal growth trend that ha hitorically peaked in late Summer/early Fall [9]. In Augut 2009, for example, the high point of fat-flux phih attack Produced 60,678 incident. A hown in Figure. 1, the monthly attack from April 2009 to April 2010 averaged 45,605. Phih attack volume ha not returned to the level een in April 2009, but note that thi chart doe not include branded malware attack, which cybercriminal are likely to have launched during period of lower phih volume. FIGURE 1: Monthly Phihing Attack A hown in the Figure.2, the payment ervice ector wa the primary ector favored by phiher accounting for 41% of phih attack in April. The financial ector, hitorically the mot popular phihing ector, accounted for 33% of phih attack. The auction ector wa targeted in 7% of attack [8]. The Other category, which include ocial network, online gaming, online media, variou Internet companie, a well a other organization, accounted for 14% of attack. International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

3 FIGURE 2: Phihing by Indutry 1.2 Phihing Attack Employ viual element from target ite. Mot method of phihing ue ome form of technical deception deigned to make a link in an (and the poofed webite it lead to) appear to belong to the poofed organization. Mipelled URL or the ue of ub domain are common trick ued by phiher [11]. Example: original link, Fake link. Here are a few phrae that a phihing page may contain verify your account, buinee hould not ak you to end paword, login name, ocial ecurity number, or other peronal information through . FIGURE 3: Phihing Attack From the Figure.3, if you receive an from anyone aking you to update your credit card information, do not repond, thi i a phihing cam. If you don't repond within 48 hour, your account will be cloed. Thee meage convey a ene of urgency o that you will repond immediately without thinking. In the Figure.4, the phihing might even claim that your repone i required becaue your account might have been compromied [3]. International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

4 FIGURE 4: Phihing page The above page look like an original Gmail page. But it i a phihing page. Whenever thi type of page appear before a uer then the uer enter the uer name and paword which get tored in the attacker databae. Thi type of attack will be a eriou one if the attacker teal the uer bank uer name and paword and miue it. The remaining of thi paper i organized a follow. Baic characteritic of phihing technique and related work are decribed in ection 2. The methodology and approache of phihing attack are dicued in ection 3. Variou performance teting technique are in ection 4. Reult and output are in ection 5. Then we ummarize the whole procedure and draw concluion in ection RELATED WORK In a SOPHOS white paper-2005, Phih Guru i an embedded training ytem that teache uer to avoid falling for phihing attack by ending them imulated phihing . People acce thee training in their inbox when they check their regular . The training look jut like phihing , urging people to go to ome webite and login. If people fall for the training that i, if they click on a link in that . We provide an intervention meage that explain that they are at rik for phihing attack and offer tip they can follow to protect themelve. The training material preent the uer with a comic trip that define phihing, offer tep the uer can follow to avoid falling for phihing attack, and illutrate how eay it i for criminal to perpetrate uch attack [2]. Defending the weaket link, phihing webite detection by analyzing uer behavior, we have ued a novel paradigm analyi of the uer behavior to detect phihing webite. We have hown that it i an accurate method, dicued how it ha been deigned and implemented to be hard to circumvent, and have dicued it unique trength in protecting uer from phihing threat. UBPD i not deigned to replace exiting technique. Rather it hould be ued to International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

5 complement other technique, to provide better overall protection. We believe our approach fill a ignificant gap in current anti-phihing technology capability. The image matching i a fundamental problem in computer viion. The exiting prevention and detection cheme to combat Phihing in multiple way. The endle competition between computer viru writer and antiviru oftware developer, phiher will certainly trive to develop countermeaure againt antiphihing olution. In the exiting content-baed approach, thi analyze the HTML code and text on a webpage, proved effective in detecting phihing page. However, phiher reponded by compiling phihing page with non-html component, uch a image, flah object, and Java applet. The exiting ytem phiher may deign a fake page which i compoed entirely of image, even if the original page only contain text information. In thi cae, the upect page become unanalyzable by content baed anti-phihing tool a it HTML code contain nothing but HTML <img/> element [6]. The drawback of exiting ytem are ineffective to top phihing attack, low degree of accuracy, high error rate, not uceptible to change in webpage apect ratio and color ued. Juan Chen and Chuanxiong Guo propoed a new end-hot baed anti-phihing algorithm, which we call LinkGuard, by utilizing the generic characteritic of the hyperlink in phihing attack. Thee characteritic are derived by analyzing the phihing data archive provided by the Anti- Phihing Working Group (APWG). Becaue it i baed on the generic characteritic of phihing attack, LinkGuard can detect not only known but alo unknown phihing attack [21]. Bryan Parno, Cynthia Kuo, and Adrian Perrig propoed uing a truted device to perform mutual authentication that eliminate reliance on perfect uer behavior, toward Man-in-the-Middle attack after etup, and protect a uer account even in the preence of keylogger and mot form of pyware. We demontrate the practicality of our ytem with a prototype implementation [22]. A pammer i a peron who create pam meage. Fraudter are people involved in Internet fraud, a practice indulged in by individual who pam potential victim. It ha been reported that in 2003 alone, peronal loe amounting to more than 200 million dollar reulted from fraudulent intruion [23]. Tom Jagatic, Nathaniel Johnon, Marku Jakobon, and Filippo Menczer propoed context aware phihing, an attacker would gain the trut of victim by obtaining information about their bidding hitory or hopping preference (freely available from ebay), their banking intitution (dicoverable through their Web brower hitory, made available via cacading tyle heet), or their mother maiden name (which can be inferred from data required by law to be public) [24]. In thi paper we propoed detecting phihing page baed on the imilarity between the phihing and authentic page at the viual appearance level, intead of rather than uing text-baed analyi. We firt take a naphot of a upect webpage and treat it a an image in the remainder of the detection proce. We alo propoe image-baed phihing detection cheme that ue the Color ratio and color mode uch a RGB to compare image, finally after compared the reult will how whether authentic webpage i phihing webpage or not. Our cheme can detect phihing page with a high degree of accuracy. 2.1 Propoed Solution Phihing attack ha become a eriou threat to internet uer. It reult in tealing one peronal information like Gmail paword, bank paword, etc. It i an illegal way. To reduce phihing attack there are many method developed to avoid phihing attack. The method propoed here i very different. It purely baed on image comparion rather dealing with old text baed analyi anti-phihing mechanim. It compare original and authentic webpage image and produce the reult [4] [5]. Firt naphot of the upected web page i taken and compared with original web page and the reult of the comparion help the uer to identify the phihing page. The main objective of the project i to prevent phihing attack. To make Online Banking and tranaction of money more ecured. To prevent the uer of gmail, rapidhare, paypal, ebay, etc. getting hacked. To prevent the uer lo of data in Internet. International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

6 3. METHODOLOGY AND APPROACH There are four phae 1) Phihing attack demo 2) Web page naphot 3) Image wizard 4) Comparion of web page. FIGURE 5: Sequence Diagram for Prevention of Phihing Attack FIGURE 6: Sequence Diagram for Attack 3.1 Phihing Attack Demo Phihing attack i performed to teal one peronal information. When a uer requet a web page the phiher will end their web page which they have developed [13]. They will develop a International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

7 phihing page which will be ame a that of the original page but there will be ome light difference. Attacker will end it to the uer. For example, in the Figure.7 to teal the bank information of a particular uer the attacker will end that the account will expire within today if you fail to fill in the detail in the given ite and a link will be provided below. The link which i given will not be the original bank webite. It will contain ome official logo which will look imilar to the original web ite of a bank. Sometime there will be change in the name of the webite in jut one character which will be hard for a uer to find out. For example, will be given a Suddenly when the uer ee a page with the above pecified link they will believe it a an original page. Unknowingly the uer enter their paword or ome peronal information which will be taken directly to the phiher erver and will get tored in their databae. Later the attacker miue the information given by the uer. By uing HTML and PHP cript, thi attack i carried out. FIGURE 7: E-Banking Fake Page [26] 3.2 Web Page Snaphot Next tep i to take the naphot of the authentic page. In Figure.9 how the naphot of the authentic page we ue a tool which will take naphot of webpage and ave in the file ytem in the required image format. It hould be aved only in any of the image format becaue the web page ha to be compared with the original web page. Here pecialized tool i needed becaue we can t take the naphot normally uing print creen key in keyboard. By uing print creen key the uer can take the whole window environment and not the required web page alone. Thi will not give a correct reult becaue if the naphot of the original webpage image i taken in window, and when the naphot of the authentic page i taken in Linux operating ytem the environment differ and the reult will be error prone. So, a tool i neceary to take the naphot of the web page. 3.3 Image Wizard Next i to deign a wizard to compare the image. In Figure.10 how the Wizard i deigned in uch a way that everything appear in the wizard i clear and ytematic. Separator are ued to clearly ditinguih each one. The upcoming window give intruction to proceed to next window. Firt the earch image i elected and the target directory hould be pecified in the next tep. The panel are deigned uer friendly and alo image panel are ued in thi wizard to preview the image that are choen already. If there are no image in the pecified target directory the wizard i deigned in uch a way that an error will be diplayed. So, that the uer doen t wate their time by going to the next tep of comparing image. Other than that the wizard can get the etting from the uer o that ometime uer can give the level of accuracy they needed while comparing image. If out of bound value are given then the wizard take the default value that i pecified. Firt the original image i taken from the directory which i already tored in that directory. Then we have to pecify the target directory which contain imilar image. In Figure.11 International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

8 how the wizard i deigned in uch a way that default etting can alo be et in preference window. 3.4 Comparion of Image Next tep i to compare the image. A aid earlier in image wizard module uer can give the ratio of the accuracy they need while comparing image [1]. Firt the uer i allowed to enter the number of ection by which the image hould be divided. Then the image i divided into block a given by the uer. The target image i alo divided into ame number of block like the original image. The image i divided into block by uing k-mean algorithm. If the uer give n number of ection then both the image will be divided into n*n number of block. For example, if the uer give number of ection=3 then both image will be divided into 9 block. Get the height and width of the both the image. In thi wizard we can alo give the number of overlapping value. Intead of taking and comparing each and every whole block, we can alo compare block that are overlapping. So that can obtain a clear and error prone reult. The overlapping value given by the uer i taken and it i multiplied with the width and height of the image. By thi way we can calculate for overlapping block alo. Next tep i to give the color ratio for the image. Firt the RGB value of both the image are obtained. Then the average value of the RGB color i obtained. In next tep the tandard deviation i obtained. Standard deviation determine the range of the color. FIGURE 8: RGB Color Image The Figure.8 how how to find the RGB value, decompoition of a 32-bit RGB color pixel uing bit operation. The R component (bit 16-23) of the RGB pixel C(above in the fig) i iolated uing a bitwie AND operation(&) together with a bit mak M=0xff0000. All bit except the R component are et to the value 0, while the bit pattern within R component remain unchanged. Thi bit pattern i ubequently hifted 16 poition to the right(>), o that the R component i moved into the lowet 8 bit and it value lie in the range of 0 to 255. During thi hift operation, zero are filled in from the left. The contruction of an RGB pixel from the individual R,G and B value i done in the oppoite direction uing the bitwie OR operator( ) and hifting the bit left(<): ((red & 0Xff)<<16) ((green & 0Xff)<<8) blue &0Xff Making the component value with 0Xff work in thi cae becaue except for the bit in poition 0 to 7(value in the range 0 to 255), all the other bit are already et to zero. Thu the RGB value i obtained which i then converted into HSV mode. The average color ratio of both the image are obtained by uing: Red average= um of all the Red Pixel in the image R (P)/No. Of pixel in the image P Green average= um of all the Green Pixel in the image G (P)/No. Of pixel in the image P B average= um of all the Blue Pixel in the image B (P)/No. Of pixel in the image P Where, R (P) = RED component pixel, G (P) = GREEN component pixel, B (P) = BLUE component pixel, P =No. of pixel in the image International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

9 After finding the average value, each and every block of the ource image i compared with the target image. By uing tandard deviation, it find the amount the image i deviated from the average value. The difference between the average value i calculated. If the difference value i zero then the particular page i a real page. If the difference value i more than zero then the page i a phihing page. From the Figure.14, If it i a phihing page then the peron can directly report it to the Anti-Phihing Work Group (APWG) uing thi tool by clicking the button report phihing. By clicking thi button the uer i redirected to APWG web ite where the uer can give the name of the link which i a phihing page. In thi cae, the other uer will not be fooled by the ame link. 4. PERFORMANCE ANALYSIS ON VARIOUS TESTING There are two general categorie of teting. Pre implementation and pot implementation. The oftware teting for the proce planning ytem ha been done during the pre-implementation tage uing variou oftware teting trategie. 4.1 Unit Teting The individual module are teted for proper functioning and are found to be atifactory a regard to the expected output from the module. The whole work i divided into module and every module i teted independent of other module and their functionalitie. If the teting of the module require ub diviion for accurate output they are permiible. The teting i carried out during programming tage itelf. There are ome validation check for verifying the data input given by the uer for the authentication purpoe. The error could be identified and debugged. 4.2 Interface Teting After the module are individually teted we confine the teting proce to each and every interface which ha been developed in the application ince every interface i a mater creen. During the interface teting, the GUI interface are teted accordingly a per their functionality precribed. Thi teting would enure the proper functioning of the interface a per the requirement demanded. Interface teting would improve the performance of the ytem 4.3 Black Box Teting Thi teting focue on the functional requirement of the oftware and alo it enable the oftware engineer to drive the et of input condition that will fully exercie functional requirement for a program. It attempt to find error uch a incorrect miing function, interface error, error in data tructure or external databae, acce, performance error, initialization and termination error. The oftware ha been teted to drive a et of cae that atify the uer requirement 4.4 Integrated Teting The need for the integrated teting i to find the overall ytem performance, while teting the whole application there are chance of reoccurrence of error becaue, previouly all the teting technique were ued to tet ome individual module. Now we would integrate all of them and would tet for their compatibility a a whole for all the interface and the charting proce becaue they are all interdependent on each other. The application ha been teted for variou kind of input and ha uccefully paed. 4.5 Validation Teting At the culmination of Black Box teting, oftware i completely aembled a a package and teted a a whole unit. Validation teting i where the requirement etablihed a part of the oftware requirement analyi are validated againt the oftware that ha been contructed. It enure that the oftware meet all the functional, behavioral and performance requirement. The application wa teted on variou input which authenticate the uer a pecified by the organization. International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

10 5. RESULTS AND OUTPUT The reult how that the tet of our method i more efficient when compared with exiting work. The tet cae how the performance analyi with different parameter a hown in Table.1. Thi make well to get appropriate output. An example for our tet i Gmail original and Gmail fake page a hown in Figure.15 and Figure.16 repectively. Tet Cae File name Director y name Color value RGB or HSV Number of ection Overlap ping region Input Expected Input Output Text file Image file Inva lid No file in the directory Color value>10& &color value<0.1 Nothing i elected Number of ection>10 0 and <1 Overlapping region>10 0 and <0 Image file Color value<10& &color value>0.1 One radio button i choen Number of ection< 100 and >1 Overlappi ng region<1 00 and >0 No ima ge in the dire ctor y Inva lid valu e Inva lid valu e Inva lid valu e Inva lid valu e Expecte d Outp ut Imag e from the peci fied direct ory i loade d Selec t the requi red file from the direct ory Valu e acce pted Valu e acce pted Valu e acce pted Valu e acce pted Re u lt P a P a P a P a P a P a TABLE 1: Performance baed on difference parameter International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

11 FIGURE 9: Chooing Source Image In Figure.9, Chooe the ource image by clique the browe option to diplay the path. From the root directory required ource can be identified. FIGURE 10: Chooing the Parameter In Figure.10, how the ratio between different element in comparion for identification. The tandard color deviation give the appropriate ratio. International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

12 FIGURE 11: No Image in the Directory In Figure.11, how after electing the root directory, the appropriate image ha to be elected otherwie the pop-up menu will be diplayed FIGURE 12: Image Similarity In figure.12, Give the imilarity of earch image and exiting image. Thi method i the eay way of find the phihing page. Thi will improve the efficiency of the web page. International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

13 FIGURE 13: Diplaying the Difference Value In Figure.13, baed on the difference value can identify the original and fake page. If the difference value i 0, then real page will be diplayed. The difference value i other than 0 will produce phihing page. FIGURE 14: Reporting to the APWG ite International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

14 FIGURE 15: Gmail Original Page [ FIGURE 16: Gmail Fake Page To prevent the phihing attack, the naphot of the web page that appear before the uer in taken. Then the web page i tored a an image in a directory. The anti-phihing tool take the International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

15 naphot of the original web page and tore it. The original page i choen from the directory. Then both the image are compared. If the difference value i zero then the page i a real page ele if the value i a non-zero then the page i a phihing page. If the page i reported a phihing page then elect report to phihing button which redirect to APWG webite where the uer can report the page a phihing page and that page will be added to the lit of phihing page. Technique Year Propoed Work Reult Spear Phihing 2005 Spear phihing i an poofing fraud attempt that target a pecific organization, eeking unauthorized acce to confidential data % CCH 2006 Whaling 2008 Spoofing 2004 Tabnabbing 2009 A contrat value i defined a the difference in intenity between a point and the alient corner. The cybercrime practice of phihing maquerading online a a trutworthy ource to try to teal people' enitive information i coming up againt ome eriou competition in the form of "whaler". Spoofing attack i a ituation in which one peron or program uccefully maquerade a another by falifying data and thereby gaining an illegitimate advantage. Tabnabbing i a computer exploit and phihing attack, which peruade uer to ubmit their login detail and paword to popular web ite by imperonating thoe ite and convincing the uer that the ite i genuine % 96.37% 98% 97.98% TABLE 2: Phihing technique compared with other related work From the above table 2, The CCH performance i high when compared with other technique like pear phihing, whaling, poofing and tabnabbing. Tabnabbing i one of the recent technique introduced in phihing attack. Whaling i uing for cybercrime of phihing, online information can try to teal by the people. Spoofing i well know phihing attack ued to identify fale data, i ued to improve the efficiency of the web page. 5.1 Non Functional Requirement Portability: Thi tool i platform independent; it can run in any operating ytem. Efficiency: It i very peed in nature becaue thi tool doe not contain any databae. So, CPU cycle will not be wated in retrieving data from databae. Time: Time i a main contraint in a work. The comparion i done only a per the requirement of the uer. International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

16 Uability: Thi tool i very eay to ue becaue of it uer friendly comparion wizard. Even a normal peron can ue it without any difficulty. Scalability: In future we can update the tool by adding ome extra feature. Thi tool will function properly irrepective of any update. Performance: It can perform high even if there are more image to compare. Error Handling: When there i no image in the pecified directory then the wizard will tell the uer a no image. It i robut in nature. Acceibility: It i eaily acceible becaue it i in the univeral language Englih. Accuracy: Thi tool can detect even a mall difference between the image becaue it matche the color ratio of the image. So, it i highly accurate. Capacity: It can hold many number of image to compare. Viibility: The viibility i good. The font ued i bigger in ize. Each panel contain intruction which will lead the uer to the next tep. 6. CONCLUSIONS Nowaday, all activitie like banking, hopping, etc. are carried out only uing internet. There are more chance for the phiher to teal the information from the uer. So ecurity play a major role. Thi project i developed to prevent attack like phihing attack. By thi attack the attacker teal the peronal information of a uer and miue it. To avoid phihing attack, here we propoed a color baed image comparion method i developed. To prevent phihing attack there are method which are inefficient. All method ue only text baed comparion which i not error free becaue the attacker ha tarted to inert image which look imilar to that of the original image. So, by text baed comparion the difference between the real and the fake page cannot be found. Color i the mot important feature in an image. So, in thi project we have developed an image baed comparion method which compare the image baed on the color value. Only the company which created that webite know about the color range of the image preent in the web page. None can deign a fake web page imilar to the original page with that ame color range. So, by comparing image uing color value will give an accurate reult. Thu, thi antiphihing tool i highly efficient and error free. Thi anti-phihing tool can be ued in online banking, online hopping and to maintain the mail account. Even when there i a mall variation in the web page thi tool can find it and report to the uer and another main advantage i that the uer need not wate time by earching internet to report the page to APWG. Intead a button i embedded in thi tool which will redirect the uer to the APWG web ite. In Future work, can develop a fully automated crawling framework by uing attribute-baed phihing attack that developed for teting, along with main experimental reult. 7. ACKNOWLEDGMENT Sincere thank and recognition goe to my advior, Aociate Profeor, Dr. Putra Sumari, who guided me through thi reearch, inpired and motivated me. We alo thank the Univeriti Sain Malayia USM for upporting thi reearch. 8. REFERENCES [1] A. Kannan, V. Mohan and N. Anbazhagan. Image Clutering and Retrieval uing Image Mining Technique. IEEE International Conference on Computational Intelligence and Computing Reearch, vol.2, 2010 [2] SOPHOS 2005, acceed April 2011 [3] M. Jakobon, and S. Myer: Phihing and Countermeaure: Undertanding the Increaing Problem of Electronic Identity Theft Wiley, 2007 [4] W. Burger and M. Burge. Digital image proceing: an algorithmic introduction uing Java. Springer, Page: , 2008 International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

17 [5] S.R. Kodituwakku et al. Comparion of Color Feature for Image Retrieval. Indian Journal of Computer Science and Engineering, vol.1, no.3, pp , 2004 [6] APWG, acceed March 2011 [7] Wikipedia, acceed April 2011 [8] Webopedia, acceed April 2011 [9] M. Aburrou, M.A.Hoain, Kehav Dahal and Fadi Thabtah. Experimental Cae Studie for Invetigating E-Buine Phihing Technique and Attack Strategie. Springer Science, Cong Comput 2010, vol.2, No , April 2010 [10] APWG. acceed 8 Augut 2009 [11] M. Chandraekaran, K Narayanan and S Upadhaya, PHONEY:Mimicking Uer Repone to Detect Phihing Attack, To appear at TSPUC Workhop, affiliated with IEEE WoWMoM, 2005 [12] K. Chen, C. Huang and C. Chen. Fighting Fihing With Dicriminative Keypoint Feature. IEEE INTERNET COMPUTING, 2009 [13] K. Plol, H. Federrath and T. Nowey. Protection Mechanim Againt Phihing Attack. Proc, 2 nd Intl.Conf. on TruBu 05, LNCS 3592, Springer-Verlag, 2005 [14] M. Wu, R.C.Miller, S.L.Garfinkel, Do ecurity toolbar actually prevent phihing attack?, in CHI (to appear), [online]. Available: [15] S. Kierkegaard, Swallowing the bait, hook, line and inker: Phihing and Pharming and now rat-ting!, in Managing Information Service in Financial Service H.R. Roa, M. Gupta, S. J. Upadhaya, Ed.USA:IGI publihing, 2008, pp [16] N.P. Singh. Online Fraud in Bank with Phihing. Journal of Internet Banking and Commerce, vol.12, 2007 [17] Phihtank acceed 14 November 2008 [18] A. Abbai and H. Chen. A comparion of fraud cue and claification method for fake ecrow webite detection. Springer, Inf Technol March, 2009 [19] R. Kanthety and S. Saradhi. Prevention of Phihing Attack uing Link-Guard Algorithm. International Journal of Computer Science Iue (IJCSI). vol. 7, no. 2, uppl.4, 31p.March 2010 [20] A. Martin, Na.Ba.Anutthamaa, M. Sathyavathy, Marie Manjari Saint Francoi and Dr. Praanna Venkatean. A Framework for Predicting Phihing Webite Uing Neural Network. International Journal of Computer Science Iue (IJCSI). vol. 8, Iue 2, March 2011 [21] Juan Chen and Chuanxiong. Online Detection and Prevention of Phihing Attack. IEEE Communication and Networking, NSFC, 2005 [22] Bryan Parno, Cynthia Kuo, and Adrian Perrig. Phoolproof of Phihing Prevention. Financial Cryptography and Data Security, Springer, 2006 International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :

18 [23] Total Number of Fraud Complaint & amount paid. 2003, [24] Tom Jagatic, Natheniel Johnon, Marku Jakobon, and Filippo Menczer. Social Phihing. Communication of ACM, 2005 [25] Thoma J. Holt and Danielle C. Grave. A Qualitative Analyi of Advance Fee Fraud Scheme. International journal of Cyber Criminology, vol.1, iue.1, 2006 [26] International Journal of Computer Science and Security (IJCSS), Volume (6) : Iue (1) :