Detection E-banking phishing using Associative classification

People often purchase products online and make payment through e-

banking. There are many E-banking phishing websites. In order to detect the e-banking
phishing website our system uses an e ective classi cation data mining algo-rithm. The e-
banking phishing website can be detected based on some impor-tant characteristics like URL
and Domain Identity, and security and encryption criteria in the nal phishing detection rate.
1. The phishing website can be detected based on some important char-acteristics like URL and
Domain Identity, and security and encryption criteria in the nal phishing detection rate.
2. This application can be used by many E-commerce enterprises in order to make the whole
transaction process secure.
3. Data mining algorithm used in this system provides better performance as compared to other
traditional classi cations algorithms
4. System uses machine learning technique to add new keywords into database.

Modules

 Admin and user Registraton Modules

 use Algorithm Modules

 Pattern Matching Modules

 Weburl analysis Modules

The concept is an end-host based [1] anti-phishing algorithm, called the Link Guard, by
utilizing the generic characteristics of the hyperlinks in phishing attacks. The Link Guard
algorithm works as follows. In its main routine LinkGuard, it rst extracts the DNS names
from the actual and the visual links.

The Link Guard algorithm works as follows. In its main routine LinkGuard, it rst extracts the

DNS names from the actual and the visual links (lines 1 and 2). It then compares the actual

and visual DNS names, if these names are not the same, then it is phishing of category 1
(lines 3-5).If dotted decimal IP address is directly used in actual DNS, it is then a possible

phishing attack of category 2 (lines 6 and 7).If the actual link or the visual link is encoded.

(Categories 3 and 4), we rst decode the links, then recursively call Link Guard to return a
result (lines 8-13). When there is no destination information (DNS name or dotted IP
address) in the visual link (category 5), Link Guard calls Analyses to analyse the actual DNS
(lines 16 and 17). Link Guard therefore handles all the 5 categories of phishing attacks.
Analyses and the related subroutines are depicted in Figure 5.1. In Analyse DNS, if the
actual DNS name is contained in the blacklist, then we are sure that it is a phishing attack
(lines 18 and 19). Similarly, if the actual DNS is contained in the whitelist, it is therefore not
a phishing attack (lines 20 and 21). If the actual DNS is not contained in either whitelist or
blacklist, Pattern Matching is then invoked (line 22).

Pattern Matching Modules

Pattern matching is designed to handle unknown attacks (blacklist/whitelist is useless in this
case). For category 5 of the phishing attacks, all the information we have is the actual link
from the hyperlink (since the visual link does not contain DNS or IP address of the
destination site), which provide very little information for further analysis. In order to
resolve this problem, we try two methods:
Weburl Modules
First, we extract the sender email address from the e-mail. Since phishers
generally try to fool users by using (spoofed) legal DNS names in the sender. e-mail address,
we expect that the DNS name in the sender address will be di erent from that in the actual
link. Second, we proactively collect DNS names that are manually input by the user when
she surfs the Internet and store the names into a seed set, and since these names are input by
the user by hand, we assume that these names are trustworthy.Weburl then checks if the
actual DNS name of a hyperlink is di erent from the DNS name in the senders address (lines
23 and 24), and if it is quite similar (but not identical) with one or more names in the seed set
by invoking the Similarity (lines 25-30) procedure.

The similarity index between two strings are determined by calculating the minimal number
of changes (including insertion, deletion, or revision of a character in the string) needed to
transform a string to the other string. If the number of changes is 0, then the two strings are
identical; if the number of changes is small, then they are of high similarity; otherwise, they
are of low similarity.
 SYSTEM DESIGN AND DEVELOPMENT
Data Flow Diagram

Data Flow Diagram (DFD) is a two-dimensional diagram that describes how data is processed
and transmitted in a system. The graphical depiction recognizes each source of data and how it
interacts with other data sources to reach a mutual output. In order to draft a data flow diagram
one must
 Identify external inputs and outputs

 Determine how the inputs and outputs relate to each other

 Explain with graphics how these connections relate and what they result in.

Role of DFD:
 It is a documentation support which is understood by both programmers and non-
programmers. As DFD postulates only what processes are accomplished not how they are
performed.

 A physical DFD postulates where the data flows and who processes the data.

 It permits analyst to isolate areas of interest in the organization and study them by
examining the data that enter the process and viewing how they are altered when they
leave.

E-banking phising
Admin User login
process
Login
use algorthim
 DFD : user and Admin

User profile profile

information Data table

User
check Url Process
User add Url to check URlcheck
login information Datatable

url Blocklist blocklist

information datatable

admin profile
Admin
information
Datatable

Admin Process Add word to word blocklist

Admin blockilist report datatable
login

View website url

link report report datatable