Phishing Web Sites Features Classification Based on Extreme Learning Machine
Abstract:
Phishing are one of the most common and most dangerous attacks among cybercrimes. The aim of these attacks is to steal the information used by individuals and organizationsto conduct transactions. Phishing websites contain various hints among their contents and web browser-based information. The purpose of this study is to perform Extreme Learning Machine (ELM) based classification for 30 features including Phishing Websites Data in UC Irvine Machine Learning Repository database. For results assessment, ELM was compared with other machine learning methods such as Support Vector Machine (SVM), Naïve Bayes (NB) and detected to have the highest accuracy of 95.34%.
Introduction:
Internet use has become an essential part of our daily activities as a result of rapidly growing technology. Due to this rapid growth of technology and intensive use of digital systems, data security of these systems has gained great importance. The primary objective of maintaining security in information technologies is to ensure that necessary precautions are taken against threats and dangers likely to befaced by users during the use of these technologies. Phishing is defined as imitating reliable websites in order to obtain the proprietary information entered into websites every day for various purposes, such as usernames, passwords and citizenship numbers. Phishing websites contain various hintsamong their contents and web browser-based information . Individual(s) committing the fraud sends the fake website or e-mail information to the target address as if it comes from an organization, bank or any other reliable source that performs reliable transactions. Contents of the website or the e-mail include requests aiming to lure the individuals to enter or update their personal information or to change their passwords as well as links to websites that look like exact copies of the websites of the organizations concerned.
Existing System:
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information. An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications. Even when employees are compromised, 2FA prevents the use of their compromised credentials, since these alone are insufficient to gain entry.
In addition to using 2FA, organizations should enforce strict password management policies. For example, employees should be required to frequently change their passwords and to not be allowed to reuse password for multiple applications.
For example, PayPal scammers might send out an attack email that instructs them to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake PayPal login page that collects a user’s login credentials and delivers them to the attackers.
The goal is the same as deceptive phishing: lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.
Disadvantages of Existing System:
1. Factors can get lost
There is no certainty that your authentication factors will be available when you need them. Typically, you are locked out of your account after one mistake is made.
In situations when you lose power or your phone is damaged by water, you won’t be able to get your SMS codes as the second authentication factor. Relying on a USB key as a second factor is also risky. It can easily be misplaced or accidentally run through the laundry. If you trust factors like PINs, there’s always the chance that you forget it. Biometric factors like eyes and fingers can be lost in accidents.
Most recently, Hurricane Harvey and Irma victims found themselves locked out of their accounts because they had no way to charge their phones. Without a phone, you cannot get authentication, and without that, you’re not granted access.
While account recovery is possible, it’s likely to be time-consuming and somewhat difficult. Also, if you have a number of accounts protected with a single factor and you lose that, then you’ll need to recover all of those.
2. False security
Two-factor authentication provides a level of security, but it’s typically exaggerated. For example, if you were locked out of a service because you lost a factor, you’re basically in the same predicament as a hacker attempting to gain access to your account. If you can reset your account without an access factor, then a hacker can, too.
Recovery options typically contradict the point of two-factor authentication, which is why companies like Apple have done away with them. However, without recovery options, your account may be lost forever.
There are also services like PayPal that use two-factor authentication but don’t fully execute it. The company offers a second factor called “PayPal Security Key,” but in 2014, it was able to be completely bypassed with no effort.
In sum, this means that you can follow two-factor authentication and still have your account breached.
3. It can be turned against users
While two-factor authentication is intended to keep hackers out of your account, the opposite can happen. Hackers can set up or reconfigure two-factor authentication to keep you out of your own accounts.
Two-factor authentication may not be effective enough to secure your accounts but can also be too effective if you’re not careful. As services improve with two-factor practices and make account recovery more difficult, it’s pertinent to set up the authentication on your necessary accounts before a hacker does.
Proposed System:
Procedural steps for solving the classification problem
presented is as follows:
• Identification of the problem
This study attempts to solve the problem as to how phishing analysis data will be classified.
• Data set
Approximately 11,000 data containing the 30 features extracted based on the features of websites in UC Irvine Machine Learning Repository database.
• Modeling
After the data is ready to be processed, modeling process for the learning algorithm is initiated. The model is basically the construction of the need for output identified in accordance with the task qualifications.
Classification
Classification is to determine the class to which each data sample of the methods belongs, which methods are used when the outputs of input data are qualitative. The purpose is to divide the whole problem space into a certain number of classes. A wide range of classification methods are present.
This is due to the fact that different classification methods have been constructed for different data as there is no perfect method that works on every data set. As mentioned in literature studies, the aim of classification is to assign the new samples to classes by using the pre-labeled samples. The most commonly used classification methods are described below.
Algorithms and Methods:
• Artificial Neural Networks (ANN)
• Support Vector Machine (SVM)
• Naive Bayes (NB)
Advantages of Proposed System:
1. Achieved performance of ELM method and achieved performance of other machine learning methods (Support Vector Machine (SVM), Naive Bayes (NB)) are presented As deduced from these data, ELM achieved higher performance compared to other methods in terms of performance and speed.
2. No need to install antivirus software’s to detect phishing Attacks.
3. Efficiency is high in terms of experimental analysis.
4. You can easily add our application to your chrome extension
Usability is easy ,User Friendly
electronics and communication engineering final year projects
best hardware projects for ece final year
best ece projects for final year
electronics and communication project for final year
final year project reports for electronics and communication pdf
project for electronics and communication engineering in final year
final year project of electronics and communication
electronics and communication final year projects
final year project topics for electronics and communication engineering
LINKS
https://www.mifratech.com/public/
https://www.facebook.com/mifratech.labs
https://www.instagram.com/mifratech/
https://twitter.com/mifratech