Research On The Detection And Protection Measures Against Pharming Attack

With the expansion of the Internet, e-commerce and online business have rapid developed, which also provides the network attackers with a great crime space. In recent years, a variety of network attacks occur frequently, especially phishing and pharming attacks. Phishing mainly sends deceptive messages claiming to be from well-known companies or official institutions, to lure the recipient to disclose sensitive information in order to carry out attacks. Pharming attack is a sophisticated version of phishing attacks. The attackers can inject Trojans into users’computers, install malicious software, destruct resolution process of DNS server to redirect users to fake web pages and steal important information of users. Different from traditional phishing attacks, traditional phishing detecting technologies cannot apply to pharming attacks effectively.Currently, research on pharming attack is still in a preliminary stage. In-depth study pharming attack techniques used and the detection and prevention methods have great theoretical and practical significance. Based on the principle of pharming attacks, a pharming attack detection model is proposed based on IP address filtering and PSO-SVM hybrid algorithm for the client to detect pharming attacks, and further a pharming attack prevention method is proposed based on hosts file protection. The simulation results show that the detection rate of the proposed hybrid model can reach99%. Specific tasks are as follows:The principles and categories of pharming attacks are studied and the pharming attack prevention method is proposed based on hosts files after analyzing the work process of domain services and the vulnerability of the hosts file.The pharming attack detection model is proposed based on IP address filtering and PSO-SVM hybrid algorithm, by analyzing the impact of pharming attack for IP address resolution process and the characteristics between false and legitimate web pages of differences.12sensitive features of pages be extracted from legitimate pages and a certain number of false pages randomly selected from PishTank library. The validity of the proposed model used to detect pharming attacks is verified through a large number of experiments for the detection model.The pharming attack detection and prevention systems with C/S structure is implemented using Java programming language based on the Netbeans software development platform.