A Phishing Detecting Method Based On The Relationship Between The Web-pages

Some malignant people use various means to fake banks or e-commerce sites. These sites are the so called phishing sites, which are made to defraud the account numbers or password of users'bank or credit card as well as other personal information. In order to gain the trust of the users, the phishing attackers usually simulate the legitimate web pages to build the phishing web pages, which leads to a strong relationship between a phishing site and its target site.This thesis presents a phishing detecting method based on the webpage relevant features, which mainly includes the image perceptual hashing relation, search relation, text relation and entirety relation. These four relations are taken used of in the process of the phishing detection and the update of the feature library. The main work and contribution of the thesis are listed as follows:Firstly, this thesis explores the possibility of utilizing the image perceptual hashing relation to detect phishing web. It converts the web pages into the images. And then the primary visual image pixels are extracted, in order to form the perceptual hash sequence. After that, the image similarity matching process is made. This method not only overcomes the problem of phishing sites'short survival time, but also reduces the time of processing image similarity matching. The experiment shows that the algorithm can greatly improve the matching speed, ensuring the low false positive rate and the high recall.Secondly, this thesis improves the constructing method of collecting feature library. Generally, the update speed of the phishing webpage is very fast. Therefore, it is not enough to consider the phishing detecting method only, the method of constructing feature library is also greatly needed. The constructing method proposed in the thesis is to utilize the phishing webpage to find the target webpage with the help of several search engines by searching the key words of the phishing site. The thesis puts forth an algorithm to integrate and analyzes the results given by the search engines. The experiment shows that this constructing method can help to improve the true positive rate when detecting phishing sites.Lastly, the thesis presents a method based on an updatable feature database. The experiment proves that this method helps to reduce the false negative rate.