CHAPTER VIII

PREVENTION AGAINST PHISHING ATTACK

8.1 INTRODUCTION

Phishing is a rising threat in the present connected world. In cell phone device

phishing attack, an attacker usually sends an SMS message containing connection

to phishing web pages or applications that, if want to a request for credential

information [161]. Attacks may be started by means of email messages stacked in

the browser of cell phone devices.

User interfaces for cell phone devices are compelled by the device’s tiny

screens. Specifically, mobile operating systems and browsers require safe

application or website to communicate with. A client cannot definitively tell what

mobile application or website she is interacting with. This exposes users to a

chance of misinterpret a malicious application for a trusty one.

8.2 PHISHING ATTACK IN MOBILE ENVIRONMENT

A detailed description of various Phishing attack scenarios in a mobile

environment has been provided. We demonstrate attack scenarios in Wi-Fi

architecture, attacks on Bluetooth applications, SMS phishing, and vishing etc.

8.2.1 Wi-Fi Phishing Attack

Wi-Fi has turned out to be one of the essential needs in our life. Whether it is

your home or your workplace the need to remain connected is very strong. So Wi-

Fi has certainly emerged as a vital part of our lifestyle and consequently a hotspot

for the attackers too. With the use of Wi-Fi, it is easier to establish a fake Access

… Ph.D. Thesis by Priyanka Chaudhary 108

 Chapter VIII
Prevention Against Phishing Attack

Point because a person may not be able to validate the authenticity of the access

points they are linking to. Henceforth, an attacker can set up an Access point with

SSID that appears to be authentic. For example, close to Starbucks with a cousin

SSID: Starbucks Wi-Fi or similar names.

Figure 8.1 Wi-Fi Phishing Attack Flow

8.2.2 Bluetooth Phishing Attack

Bluetooth is a Wi-Fi technology popular for replacing information over a short

range. Bluetooth enabled telephones to have a serious protection flaw that permit

users to connect to the device without the user’s permission. Once the attacker

receives access to your smart phone via Bluetooth, he can get access to your files,

name logs, phonebook, connect to your web etc. It does not stop there, he can

exchange the contact number, send you a phishing message, make you download

malware by way of making you accept as true with it’s a authentic one. So as soon

as you get into his trap, you are most probably to disclose your secure data to him

assuming he is genuine.

… Ph.D. Thesis by Priyanka Chaudhary 109

 Chapter VIII
Prevention Against Phishing Attack

Figure 8.2 Bluetooth Phishing

8.2.3 SMS Phishing

Cell phone device are used for text message to deliver the bait to include

people to disclose their personal information. In many cases, such texts are sent

through emails which are challenging to trace. Small number or some text like

‘29109’ or ‘DP-YMTR’ rather of an authentic phone number is used by sender’s

number, it is an indication that it is coming from email.

8.2.4 Voice Phishing

In this type of phishing, attackers utilize smart phone systems to impersonate

an authentic organization and get access to the personal data of the victim. Some

attackers use Voice over IP (VOIP) points like caller identification spoofing via

which they ought to select any number to call the bait. For the victim, it appears

… Ph.D. Thesis by Priyanka Chaudhary 110

 Chapter VIII
Prevention Against Phishing Attack

that request is coming from the authentic origin. It is even challenging for the

legal authorities to monitor or trace such calls which make such kind of phishing

attack more dangerous.

8.3 MOBILE WEB APPLICATION PHISHING ATTACK

On an average cell phone device, person uses more than 24 apps per month

that provide facility to attacker a 24 spots per person. Cell phone has tiny screen

size, so almost apps have simple designs which make it suitable for an attacker to

replicate. There are generally four methods through which you ought to be

directed to these phishing websites which are:

8.3.1 App ->App In this, person is directed to different phishing application from

the reliable software and consequently the person does not get suspicious about

such phishing apps and exhibits his data.

8.3.2 App->Web In this consumer is directed to the website via the authentic

application. As the screen measurement of the cell is typically small the user does

not confirm the credentials of the websites. So next time, if you are directed to any

website from your Facebook or Twitter account you ought to think earlier than

presenting any records.

8.3.4 Web->App In this section person is addressed by the phishing app from an

internet browser that seems to be authentic. Since protection software indicators

are not available to distinguish between the authentic and the phishing app, the

victim reveals his information. So, for precaution, when next time your browser

directs you to your Facebook or other app, you must be cautious to check whether

authentic or fake app is opened up.

… Ph.D. Thesis by Priyanka Chaudhary 111

 Chapter VIII
Prevention Against Phishing Attack

8.3.5 Web -> Web In this person is directed to some other phishing website from

the authentic website. This is the most frequent assault as it is beneficial to attack

pc users as well.

Phishing via smart phone is specifically easy with a larger success rate of

stealing the facts via computers, laptops or different types of electronic media

because of the subsequent reasons:

Usability: We use our mobile phones day in and day out. Statistics disclose

that the amount of time spent on Smartphone has improved to greater than 30

hours per month. So, the more one use their mobiles, the more are the

probabilities of revealing private records to a hacker.

Screen Size: Smaller display size would make it challenging for a person from

distinguishing between a phishing web page and a actual website. The

purposes are to make especially simple to entertain exclusive display size,

which also make it convenient for the hackers to replicate it.

Security Indicators: There are very few utility indications which can consider

how protect and real an application is.

Behavioral: We are accustomed to coming into our password in acquainted

and repeated setting which makes it more susceptible to assault with great

success rate.

Inadequate Identity Indicators: As far as apps are involved, there are very few

identification indications reachable and few human beings who use it. So a

… Ph.D. Thesis by Priyanka Chaudhary 112

 Chapter VIII
Prevention Against Phishing Attack

people would not be able to distinguish amongst from legitimate and non-

legitimate source.

8.4 NAÏVE BAYESIAN ALGORITHM

Naïve Bayesian classifier is one of the highest detection approaches for

learning classification of text documents. Given a set of classified training

samples, an application can learn from these samples, so as to predict the class of

a sample. This method is derived from Bayes Rule that says: if you have a

proposition assumed as h and data D that bears on the proposition assumed, then:

P(h ): independent_probability of h (prior_probability)

P(D): independent_probability of D

P(D|h): conditional_probability of D given h

P(h|D): conditional_probability of h given D (posterior_probability)

8.5 PROPOSED METHOD

We have explored on detecting the cell phone device phishing using the

Naive Bayesian algorithm technique. Our objective is to keep away the mobile

phishing from stealing the crucial information. The design of our system consists

of three different components. By using these components, the applications and

permission for each application which are installed in a mobile phone are analyzed

and the malicious applications are identified in the learning model. Figure 8.3

presents the overview of the proposed system framework.

… Ph.D. Thesis by Priyanka Chaudhary 113

 Chapter VIII
Prevention Against Phishing Attack

Figure 8.3 Architecture of Proposed Methodology

The mobile devices are the targets of malicious applications because of the

vulnerable nature of mobile devices than personal computers. Cyber criminals

make use of the malware—malicious software to exploit mobile devices such as

Smartphone and tablets. The cell phone users will email, use online banking,

purchase product, and use social networking websites. Money transactions

through mobile phone the attackers to steal information which may be used for

malicious activities. The most well-known approach for mobile users to induce

their devices infected with malware is by inadvertently downloading malicious

apps. Cyber crooks outline their evil little programs to seem like authentic games

or different helpful apps and place them online on discussion and even open app.

markets, just like the Android Market. If the users are not careful once

downloading an app, there is an opportunity the device can turn out to be a spying

tool. By taking this problem into consideration, we have a tendency to expect that

mobile devices ought to have a legitimate mobile security application to find the

key logger. The introduced model enhances malware detection system that is

… Ph.D. Thesis by Priyanka Chaudhary 114

 Chapter VIII
Prevention Against Phishing Attack

based on machine learning-based for the mobile phones to distinguish malware

applications. This technique improves the security and privacy of cell phone users.

It observes numerous permissions based features and events that it get from the

android applications and examines these features by using machine learning

classifiers to whether or not the appliance could be a traditional application or

malware.

The proposed methodology performed in three totally different stages:

Permission Gathering The applications and permission for every application

is recorded utilizing Package Manager API, at that point they are kept into the

sqlite database. Package Manager API could be a category for retrieving

numerous types of information associated with the application packages that

are presently installed on the device. The information is kept in a sqllite

database that is related with relational database management system and

comprised in a small C programming library.

Permission Analyzer Using Naïve Bayesian Algorithm, permission analyzer

builds a learning model with the training data set that consist permissions

considering with their protection levels. SVM might be a machine learning

algorithm which monitors data and recognizes patterns.

Keylogger Detector it monitors the cell phone device applications and their

permissions with learning model. It provides differentiation between

keylogger applications and provokes users to disable keylogger applications

with permissions which will cause vital security risks. The key advantage of

… Ph.D. Thesis by Priyanka Chaudhary 115

 Chapter VIII
Prevention Against Phishing Attack

our methodology is a wide range of keyloggers may be distinguished within a

very less computation time.

Cell phone devices have tiny screens, thus users are not ready to see the entire

URLs and are probably going to click on the links while not enough thinking of

conceivable phishing attacks. Additionally, users download and install

applications while not realizing that installed applications might not be a copy of

legitimate official applications, an issue that overwhelmingly targets monetary

related institutions. In this paper, we have illustrates a system for analyzing and

obtaining the mobile phone applications with considering their permissions via

Support Vector Machine. By using machine learning technique, the system is

enough capable to differentiate the popular and malicious applications. Our

methodology uses the method of distinguishing keyloggers which is totally

supported on behavioral characteristics common to any or all keyloggers and does

not consider on the internal overview of the keylogger. As the future improvement

the memory usage, control flow & resource usage may be added because the

feature vector to distinguish the keylogger.

Table 8.1 Comparison of Different Mechanism

Title of Paper Method and Conclusion
Technique
Unprivileged Black Pearson product Presents a simple black-box approach

Box Detection moment for the detection of the most frequent

correlation keyloggers

coefficient.

Modeling and Autonomy Characterizes two types of human

… Ph.D. Thesis by Priyanka Chaudhary 116

 Chapter VIII
Prevention Against Phishing Attack

Restraining Mobile oriented behavior

Virus Propagation computing

Kernel-basedBehavior Jailbreak The system achieves collecting log data

Analysis Techniques that only contains data of target

for Android Malware have used activities. Signature-based pattern

Detection matching is used for analyzing log data.

Structural Detection Support vector Consequently distinguish Android

of Android Malware machine malware with a recognized rate of 89%

utilizing Embedded technique have with 1% false positive, such as one

Call Graphs used. false alarm in 100 installed applications

on a smartphone. Adapting the strategy

to different platforms.

Automatic Analysis Uses learning A framework is planned to

of Malware Behavior algorithms. overwhelming the issues of computer

using Machine security, like denial of service attacks,

Learning identity theft, or distribution of spam

and phishing contents.

Permission Based K-Means A framework is proposed for

Android Malware Algorithm have classifying Android applications using

Detection used machine-learning techniques, whether

they are malware or normal

applications

… Ph.D. Thesis by Priyanka Chaudhary 117

 Chapter VIII
Prevention Against Phishing Attack

8.5 CONCLUSION

Cell phone devices has tiny screen size, hence the individual are not

identify the whole URLs and access on the links while not thinking enough of

potential phishing attacks. Also, users download and install applications while not

realizing that installed applications might not be a copy of legitimate official

applications, an issue that conquer targets financial related institutions. In this

chapter, we used a Naïve Bayesian technique for obtaining and analyzing cell

phone applications with their permissions. With such a machine learning

algorithm, the system is equipped to differentiate between normal and malicious

applications. Our methodology utilizes the technique of distinguishing keyloggers

is being totally supported on behavioral characteristics common to all keyloggers

and it does not commit on the internal overview of the keylogger. As the future

enhancement the memory usage, control flow & resource usage can be added as

the feature vector to identify the keylogger.

… Ph.D. Thesis by Priyanka Chaudhary 118