Detecting phishing websites using associative classification mining

Other Title(s)

كشف المواقع المزيفة باستخدام تنقيب التصنيف المترابط

Dissertant

Widyan, Suzan Ibrahim

Thesis advisor

Thabtah, Fadi Abd al-Jabir
Atir, Muhammad Abd Allah

Comitee Members

al-Hamami, Ala Husayn
Khasawinah, Ahmad Mansur

University

Amman Arab University

Faculty

Collage of Computer Sciences and Informatics

Department

Department of Computer Science

University Country

Jordan

Degree

Master

Degree Date

2013

English Abstract

Financial and governmental institutes are increasingly offering more online financial services to their clients.

This business trend,however, is threatened by the increasing security threats.

One major security threat comes from what is called “Phishing websites”.

Phishing websites are forged webpages that are created by malicious people to mimic webpages of real websites.

Victims of phishing attacks may expose their financial sensitive information to the attacker whom might use this information for financial and criminal activities.

Many solutions have been proposed to detect phishing websites, some of them had been adapted by the industry, which are mainly based on keeping a list of URL’s that are thought to be malicious, called a blacklist.

However, a main concern about the blacklist approach is the need of continuously updating the list by adding newly created phishing websites.

Since most of phishing websites have a short life, if the process of updating the blacklist is slow, then there is a chance that phishing attacks can occur before being detected by the blacklist.

Several other approaches in the literature propose using classification algorithms used in machine learning and data mining.

According to these approaches, the phishing websites problem can be viewed as a classification problem where websites are classified to be either phishing or legitimate.

These approaches do not need to be updated whenever a new phishing website is introduced.

Instead, it can be trained periodically in order to adjust the classifier for the new phishing websites attributes.

In this thesis, an algorithm called “Phishing Associative Classification” (PAC) is proposed for solving the phishing websites problem.

PAC is an associated classification (AC) algorithm.

ACs are data mining algorithms that have the advantage of producing classification rules that are hat are easy to understand and manipulate by end-user.

Therefore, giving the users the capability to update the rules when new phishing websites are detected instantly In order to evaluate the classification accuracy of the proposed algorithm, an experimental study has been performed.

In the study, a dataset that consists of 1010 website is collected.

Each website is represented by 16 features.

The proposed algorithm is compared with four well-known data mining algorithms.

Ten-fold cross-validation is used to train and test the algorithms.

The results show that PAC outperforms the other algorithms and scored a classification accuracy of 99.3 %.

The results also show that PAC produces fewer rules in compared with other algorithms, therefore, PAC is more efficient.

Efficiency is an important attribute of a solution that aims to solve a real-time problem like the phishing websites.

Main Subjects

Mathematics

Topics

• World Wide Web
• Web sites
• Security measures
• Data mining
• Webservers

No. of Pages

102

Table of Contents

• APA
• MLA
• AMA

Language

English

Data Type

Arab Theses

Record ID

BIM-526480