| Phishing is a kind of online identity theft, which uses fraudulent vectors to lure users into leaking sensitive information to the attackers. The huge interest induces the rapid increase of Phishing attacks, and the high-incidence of Phishing attacks damage the users'trust. If things go on, Phishing will badly influence Internet users'ordinary life and work, and even the whole development of e-business. For that reason, the study of Anti-Phishing mechanisms has great value and is extremely urgent.This paper firstly introduces the concept of Phishing, the objective and the meaning of this study. And then we present the statistical features and main attacking methods of Phishing, and summarize its general attack sequence. After analyzing the shortcoming of current popular browser-based Phishing detection tools, we construct a Phishing web page detection algorithm based on DOM parsing, and then combined it with improved URL blocking and heuristic detection into a whole Phishing detection mechanism. At the last, we implement a prototype of our proposed detection mechanism in the form of a browser plug-in, called PhishDetector, and set up a comparative test to study its performance. The result from the experiment shows that PhishDetector can correctly identify more than 90% of the Phishing pages with acceptable false positive rate, effectively help users to against Phishing attacks. |
PDF Full Text Request