Heuristic Anti-Phishing Technology Based On Web System

With the rapid development of Internet technology, Phishing technology become much more diverse and subtle. Phishing mainly aimed at financial web site and e-commerce site currently, which defraud customer’s money for the purpose. With the popularity of e-commerce、 online billing、online banking and other business in the daily life, Phishing become more diverse and spread fastly, which results a huge losses to the user. Since the Phishing issue poses a great threat to e-commerce, It is very important to prevent Phishing.To meet the security need of network phishing at home and abroad, This paper research the existing anti-phishing technologies and analyze their defect. Then propose a web-based heuristic anti-phishing method. Finally,this paper design and implement an anti-phishing system on the basis of web page. The system can generate page status information and alarm to user by evaluating the page domain name、URL、Email、link、 password field、post data to decide whether it is a phishing page.This paper mainly embraces the following work:1.Research the phishing mechanism which includes phishing definition、attack process as well as features of phishing web site. On the basis of Combination of these characteristics and the analysis of common phishing technologies, the paper summarizes the conditions which phishing attack depends on, they are:phishing triggered by the vulnerability, triggered by non-vulnerability network Fishing.2.Reseatch the existing network anti-phishing technology in depth. The existing anti-Phishing technologies are:blacklist detection、 whitelist detection、heuristic detection and similarity testing detection. However, they all have limitations. For example, Blacklist detection has high underreporting rate; whitelist detection is hard to maintain its list; Heuristic detection method has low accuration rate and is easy for attacker to bypass; The similarity testing detection executes inefficiently and it’s not suitable to execute in the IE client. In order to make up the technology above and strengthen the anti-phishing technology, This paper propose a anti-phishing tool based on the web after researching the heuristic detection. The anti-phishing evaluate the information of current page to navigate by the mean of weight parsing、URL parsing、picture hash、DNS reverse query and so on.3. The paper design and implement an web-based anti-phishing system on the basis of weight value、minimum hamming distance in string、image similarity judgment based on hash algorithm. The system checks six times for the key element in the page, including domain name、 Email、URL、password field、image、link. Then we can determine whether it is fishing page by comparing the final weight value with the threshold.4.Experiment on the anti-phishing system with three group data, which proves that the model can detect the phishing page efficiently and accurately, especially for the financial web site.