Phishing Website Detection By Link Analysis

Phishing attack is a kind of network fraud in which criminals send spoofed email to trick peopleinto accessing fake web pages to submit sensitive information. These pages are very similar withtheir targets. Criminals then monetize the stolen information directly or indirectly. With the rapiddevelopment of e-commerce, phishing attacks are increasing pervasively. It is the right time to findsome efficient countermeasures against phishing.Phishing web page has contact with its target page more or less as it is designed to convince avictim to share private information. The link relationships of web pages may help to detect phishingpages. This thesis presents a novel method to detect phishing pages using web community which isbased on link analysis. Pages in the same community usually have strong relationships to each other.Phishing target is very likely in its related web community. This online detection cost less time thanthose with huge feature libraries and blacklists.Criminals imitate the target some pages more often than only one page. The phishing site is verysimilar with its target site as they have more than one similar page. This thesis extracts the sitesignatures of potential target sites which are obtained from the related community of phishing page.The site with the highest similarity to the phishing site is identified as the target site. Site signaturesconsist of overall and hash features of sites. The similarity between two signatures is measured bymatched features. The experiment shows that the method is feasible and effective.