طبقهبندی و شناسایی وب سایتهای فیشینگ به کمک مجموعه قوانین فازی و الگوریتم اصلاحشده بهینهسازی صفحات شیبدار
محورهای موضوعی : مهندسی برق و کامپیوتر
1 - دانشگاه بزرگمهر قائنات
کلید واژه: انتخاب هوشمند ویژگی استنتاج فازی الگوریتم بهینهسازی صفحات شیبدار شناسایی وب سایتهای فیشینگ طبقهبندی,
چکیده مقاله :
یکی از تهدیدات پیش روی توسعه فناوری اطلاعات در فضای مجازی، سرقت اطلاعات شخصی و مالی کاربران میباشد که این تهدید امنیتی، فیشینگ نامیده میشود. بررسی و تحلیل روشهای موجود نشان میدهد که ایجاد انعطافپذیری در انتخاب ویژگیهای اثرگذار در فرایند شناسایی وب سایتهای فیشینگ، پویاسازی رفتار الگوریتم طبقهبندی کننده وب سایتهای هدف و نیز امکان تحلیل و کنترل حجم گستردهای از وب سایتها مورد توجه قرار نگرفته است. لذا در این مقاله به منظور تحقق همزمان سه هدف یادشده، ابتدا مکانیزمی بر اساس طراحی یک آستانه تغییر برای کاهش انعطافپذیر ویژگیهای مورد ارزیابی در شناسایی وب سایتهای فیشینگ تعریف شده است. سپس با حافظهمند نمودن الگوریتم بهینهسازی صفحات شیبدار، کاهش نرم اثر حافظه بر عملکرد الگوریتم در تکرارهای بالا و نیز تعریف 12 قانون فازی در یک سیستم استنتاج فازی اقدام به پویاسازی هوشمند این الگوریتم به منظور طبقهبندی وب سایتهای جامعه ارزیابی به سه طبقه قانونی، مشکوک و فیشینگ مینماید. نتیجه پیادهسازی رویکرد هوشمند جدید پیشنهادی بر روی داده محک استاندارد در این حوزه و نیز مقایسه عملکرد این الگوریتم با عملکرد بهترین الگوریتمهای موجود، نشان از تحقق اهداف سهگانه فوقالذکر برای این تحقیق را دارد.
One of the most important factors influencing the development of information technology on internet is steal the customer information. This security threat is known as phishing. With regarding to review and analysis of the published methods, lake of create the flexibility to effective attribute selection in the procedure of phishing websites detection, non- dynamic behavior of classification algorithm on target websites and also no attention to reduce the amount of computation for the large number of websites are the main gaps of these methods. To achieve the above-mentioned objectives, a new dynamic mechanism is planned to flexible attribute reduction based on designing threshold change of assessment in this paper. Then inclined planes optimization algorithm is memorized based soft reducing the effect of the embedded memory though high iterations and 12 fuzzy rules are defined in a fuzzy inference system for intelligent dynamiting the algorithm. The experimental results of the proposed intelligent algorithm and the comparison the algorithms with the best available algorithms; demonstrate the ability of the modified inclined planes optimization algorithm to detect phishing websites and satisfy the above mentioned objectives.
[1] Y. Zhang, S. Egelman, L. Cranor, and J. Hong, Phinding Phish: Evaluating Anti-Phishing Tools, 2006.
[2] M. Aburrous, M. A. Hossain, K. Dahal, and F. Thabtah, "Intelligent phishing detection system for e-banking using fuzzy data mining," Expert Systems with Applications, vol. 37, no. 12, pp. 7913-7921, Dec. 2010.
[3] M. D. I. A. Ajlouni, W. E. Hadi, and J. Alwedyan, "Detecting phishing websites using associative classification," European J. of Business and Management, vol. 5, no. 23, pp. 36-40, Aug. 2013.
[4] L. F. Cranor, S. Egelman, J. I. Hong, and Y. Zhang, "Phinding Phish: An Evaluation of Anti-Phishing Toolbars," in Proc. of the 14th Annual Network & Distributed System Security Symp., NDSS'07, San Diego, CA, 28 Feb.-2 Mar. 2007.
[5] M. Sirajuddin, "Data mining approach for deceptive phishing detection system," International Journal of Scientific Research Engineering &Technology, vol. 2, no. ???, pp. 337-334, ???. 2013.
[6] E. Medvet, E. Kirda, and C. Kruegel, "Visual-similarity-based phishing detection," in Proc. of the 4th Int. Conf. on Security and Privacy in Communication Netowrks, p. 22-28, Sept. 2008.
[7] W. Zhang, H. Lu, B. Xu, and H. Yang, "Web phishing detection based on page spatial layout similarity," Informatica, vol. 37, no. 3, pp. 231-244, Sept 2013.
[8] L. Wenyin, G. Huang, L. Xiaoyue, Z. Min, and X. Deng, "Detection of phishing webpages based on visual similarity," in Proc. Special Interest Tracks and Posters of the 14th Int. Conf. on World Wide Web, pp. 1060-1061, Chiba, Japan, 10-14 May 2005.
[9] S. T. Kumar, V. Kumar, and A. Kumar, "Detection and Prevention of Phishing Attacks Using Linkguard Algorithm," 2008.
[10] J. S. White, J. N. Matthews, and J. L. Stacy, "A method for the automated detection phishing websites through both site characteristics and image analysis," in Proc. SPIE Defense, Security, and Sensing, 11 pp., May 2012.
[11] A. P. Rosiello, E. Kirda, C. Kruegel, and F. Ferrandi, "A layout-similarity-based approach for detecting phishing pages," in Proc. 3rd Int.l Conf. on Security and Privacy in Communications Networks and the Workshops, SecureComm'07., pp. 454-463, Sept. 2007.
[12] N. R. T. Guhan, "Analyzing and detecting phishing webpages with visual similarity assessment based on earth mover's distance with linear programming model," International J. of Advanced Engineering Technology, vol. 3, no. 4, pp. 327-330, Nov. 2012.
[13] P. Barraclough, M. Hossain, M. Tahir, G. Sexton, and N. Aslam, "Intelligent phishing detection and protection scheme for online transactions," Expert Systems with Applications, vol. 40, no. 11, pp. 4697-4706, Sept. 2013.
[14] A. DeMaris and S. H. Selman, Logistic Regression, in Converting Data into Evidence, Ed: Springer, pp. 115-136, 2013.
[15] S. Garera, N. Provos, M. Chew, and A. D. Rubin, "A framework for detection and measurement of phishing attacks," in Proc. of the ACM Workshop on Recurring Malcode, 8 pp., Nov. 2007.
[16] P. Sengar and V. Kumar, "Client-side defense against phishing with pagesafe," International J. of Computer Applications, vol. 4, no. 4, pp. 6-10, Jul. 2010.
[17] S. Abu-Nimeh, D. Nappa, X. Wang, and S. Nair, "A comparison of machine learning techniques for phishing detection," in Proc. of the Anti-Phishing Working Groups 2nd Annual eCrime Researchers Summit, pp. 60-69, Oct. 2007.
[18] J. P. Marques de Sa, Pattern Recognition: Concepts, Methods, and Applications, Springer, 2001.
[19] H. M. Deylami and Y. P. Singh, "Cybercrime detection techniques based on support vector machines," Artificial Intelligence Research, vol. 2, no. 1, 12 pp., 2013.
[20] L. Breiman, "Random forests," Machine Learning, vol. 45, no. 1, pp. 5-32, 2001.
[21] D. M. L. V. Radha Damodaram, "Experimental study on meta heuristic optimization algorithms for fake website detection," International Association of Scientific Innovation and Research, pp. 43-53, 2012.
[22] M. Radha Damodaram and M. Valarmathi, "Phishing website detection and optimization using particle swarm optimization technique," International J. of Computer Science and Security, vol. 5, no. 5, p. 477-490, Dec. 2011.
[23] M. Radha Damodaram and M. Valarmathi, "Bacterial foraging optimization for fake website detection," International J. of Computer Science & Applications, vol. 1, no. 11, pp. 116-127, Jan. 2013.
[24] م. ح. مظفري، ح. عبدي و س. ح. ظهيري، "الگوريتم جديد بهينه سازي سيستم صفحات شيبدار،" مجله رايانش نرم و فناوري اطلاعات، سال 1، شماره 1، صص. 20-3، 1391.
[25] M. Aburrous, M. Hossain, K. Dahal, and F. Thabtah, "Associative classification techniques for predicting e-banking phishing websites," in Proc. Int. Conf. on Multimedia Computing and Information Technology, MCIT'10, pp. 9-12, Apr. 2010.
[26] M. Aburrous, M. A. Hossain, K. Dahal, and F. Thabatah, "Modelling intelligent phishing detection system for e-banking using fuzzy data mining," in Proc. Int. Conf. on CyberWorlds, CW'09, vol. ???, pp. 265-272, ???. 2009.
[27] P. Barraclough, M. Hossain, M. Tahir, G. Sexton, and N. Aslam, "Intelligent phishing detection and protection scheme for online transactions," Expert Systems with Applications, vol. 40, no. 11, pp. 4697-4706, Sept. 2013.
[28] S. H. Zahiri and S. A. Seyedin, "Intelligent particle swarm classifiers," Iranian J. of Electrical and Computer Engineering, vol. 4, no. 1, pp. 63-70, Winter-Spring 2005.
[29] M. Aburrous, M. A. Hossain, K. Dahal, and F. Thabtah, "Experimental case studies for investigating E-banking phishing techniques and attack strategies," Cognitive Computation, vol. 2, no. 3, pp. 242-253, Sep. 2010.
[30] A. Y. Fu, L. Wenyin, and X. Deng, "Detecting phishing web pages with visual similarity assessment based on earth mover's distance (EMD)," IEEE Trans. on Dependable and Secure Computing, vol. 3, no. 4, pp. 301-311, Oct.-Dec. 2006.
[31] R. Mohammad, T. McCluskey, and F. A. Thabtah, "Intelligent rule based phishing websites classification," IET Information Security, vol. 8, no. 3, pp. 153-160, May 2013.