Anti-phishing Web browser allow to avoid the fake site and can do the Steganography and Cryptography on data or email contents from the browser itself.(Developed by Sumeet Jaisinghani, from ( Nashik, Maharashtra )India
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Anti phishing web browser
1. ABHINAV
International Monthly Refereed Journal of Research in Management & Technology
Special Issue
ISSN – 2320-0073
154
ANTI-PHISHING ENABLED WEB BROWSER TO PREVENT
HACKING WITH STEGANOGRAPHY AND CRYPTOGRAPHY
*Sumeet Jaisinghani **Priyanka Sharma ***Renuka Wagh ****Pooja Thete
Student, SND College of Engineering& Research Centre Yeola, India
ABSTRACT
Many anti-phishing mechanisms currently focus on helping users verify whether a
web site is genuine. In our project, instead of preventing human users from “biting
the bait”, we propose a new approach to protect against phishing attacks with “bogus
bites”. We develop Browser, a unique client-side anti-phishing tool, which
transparently feeds a relatively large number of bogus credentials into a suspected
phishing site.
Our browser conceals a victim’s real credential among bogus credentials, and
moreover, it enables a legitimate web site to identify stolen credentials in a timely
manner. Leveraging the power of client-side automatic phishing detection techniques,
our browser is complementary to existing preventive anti-phishing approaches. Also
the additional functionalities are included in the browser as the Steganography and
the Encryption & Decryption of the data or E-mail
Keywords: Anti-phishing, browser, hacking, phishing, Steganography, Cryptography
INTRODUCTION
Our project provides anti-phishing by
automatically avoiding phish site (fake
site) as we have to specify the site which
can redirect to fake site. and when we
open our system when we again wants to
open that affected site then our Phish-tank
looks for if that site have been requested
for proving anti-phishing or if not so then it
checks that site is of the category whose
fake site or phish site is present on
internet on not, and then it will avoid the
phish site and redirect to the original site.
A. Project Scope
•
Can used for the secure browsing
and to prevent information from the
hackers.
•
For secure and safe communication
via
Steganography
and
the
Encryption / decryption of the data.
•
Very easy to use and useful for
securing information.
As there are many browsers which provide
the anti-phishing technique there is one
overhead of identifying the phishing sites
by practice or knowledge, so we are going
to develop a Browser where the phish site
will automatically rejected by browser if it
found conflict.
LITERATURE SURVEY
The World Wide Web (WWW) is a shared
information system which operates on top
of the Internet. Web browsers access that
content and display from remote web
servers using a stateless and anonymous
protocol
called
Hypertext
Transfer
Protocol (HTTP). The other features of the
Browsers are bookmarking, history,
password management, and accessibility
features to put up users into the inability.
[5]
Phishing can be classified into various
types of attacks depending on the various
channels of propagation. [6] These include
malware, phishing emails, fake Web sites,
and identity theft. Malware is an
Proceedings of National Conference on Trends in Management, Engineering & Technology
2. ABHINAV
International Monthly Refereed Journal of Research in Management & Technology
Special Issue
ISSN – 2320-0073
application with malicious code that is
distributed to the public via email or
malicious Web sites. The active attack and
the passive attack can be happen with
phishing as replay attack, masquerade
attack, denial of service attack. When
victims access phishing emails or phishing
Web sites, there is a chance that malware
will be installed on the host computer and
155
will steal personal information related to
the customer surreptitiously. [8]
The Mozilla Firefox which was first
browser with the technique of preventing
phishing attack. The Mozilla Firefox then
has been which was implemented in
middle 2004 have introduced the anti –
phishing technique plugged in with the
browser.
Fig. 1. Phishing attack report upto September 2012[4]
Table 1. Released History for all Major Web Browser
Sr.
no.
1
2
3
Browser
name
LYNX
Mosaic
Netscape
4
Internet
Explorer
5
Opera
6
konqueror
7
8
Galleon
safari
9
Firefox
Closed source
Open source
Hybrid
1.0,2.0
1.0,2.0(96) ,3.0(97)
1.0,2.0(95),3.0(96),
4.0(97),4.5(98)
1.0,2.0,3.0(95)4.0(9
7)5.0(99),5.5(00),6.0
(01) 7.0(06),8.0(09)
2.4(95)
-
Latest
version
2.85(04)
6.0(00),7.0
(02)8.0(05)
9.0
(march 14
11)
2.0(96),3.0(97)
4.0-6.0(00)7.0(03),
11.61 (feb
12)
1.0(98),2.0(00,3.
0 (02)
1.0(01),1.2(02)
1.0(03),2.0(0
5)3.0(07),
3.1(08),4.0
(09),5.0(10)
1.0,1.5(05),2.0(0
6) 3.0(08), 3.5
(09),3.6(10) 4.09.0(11) 10.0(12)
5.1 (july
011)
16.1(dec
12)
Proceedings of National Conference on Trends in Management, Engineering & Technology
3. ABHINAV
International Monthly Refereed Journal of Research in Management & Technology
Special Issue
ISSN – 2320-0073
156
Table 1. Released History for all Major Web Browser (Contd….)
Sr.
no.
10
Browser
name
Chrome
Closed source
1.0(08),2.0,3.0(09)
4.0-8.0(2010)
9.0-16.0(2011)
History of Anti-Phishing
Now days there are number of antiphishing solutions are available. Some
approaches attempt to solve the phishing
problem at the e-mail level. That is, they
try to prevent phishing e-mails from
reaching the potential victims by means of
filters and content analysis. [4]
In 2005, Mozilla have developed Firefox
anti-phishing browser plug-in called AntiPhish. After releasing Anti-Phish it has
been port to the Microsoft Internet
Explorer (IE) browser. [1]. Supporting IE
was important because a majority of
Internet users are accessing the web with
this browser. So, browser plug-ins is
conceptually
similar
with
the
implementation of the new anti-phishing
browser.
The different
basic anti-phishing
techniques are Social response, technical
response, helping to identify legitimate
websites, Augmenting password logins,
Eliminating phishing mail, Monitoring and
takedown.
In our project we are also developing the
phishing detection technique which will be
plugged in with the browser.
Present Theory & Practices
Phish-Tank is an anti-phishing site.
PhishTank was launched in October 2006
by entrepreneur David Ulevitch as an
offshoot of OpenDNS. The company
offers
a
community-based
phish
verification system where users submit
suspected phishes and other users "vote"
if it is a phish or not.[7] Other browser
like Mozilla, Opera provide avoiding
phishing but you have to specify the IP
address of fake site or block the sites
which can lead into phishing or hacking[5].
Open source
Hybrid
Latest
version
17.0(12)
Spam Filters and Blacklists One approach
relies on spam filters and blacklists to
automatically prevent users from visiting a
phishing Web page. Already there are
many phishing-specific filters for popular
email software (e.g., Exchange Server
2003 SP2, Outlook, and Spam Assassin.
[9]
The
Anti-Phishing
Working
Group
(APWG) is the global industry, law
enforcement, and government coalition
focused on unifying the global response to
cyber crime through development of data
resources, data standards and model
response systems and protocols for
private and public sectors. The APWG
collects, analyzes, and exchanges lists of
verified credential collection sites, like
those used in Phishing. [4]
Proposed System Architecture
The above Diagram shows the Block
Diagram of the Anti-phishing browser, in
which the system is providing security to
the user form the phish site, as the phish
Container is containing the information
about the Domain Name and the IP
addresses of the fake sites.
It works as when user enter the domain
name or have clicked on any web Link
which can redirect to the phish site, then
the Anti-phishing system check if the
entered domain or IP is of phish contents
or not by comparing with the information
stored into the phish container. And if it
founds conflict then the phish container
will redirect to the original site by avoiding
to the phish site. And if the domain or
entered IP is of the original contents then
it will redirect to the original in the secured
mode.
The Anti-phishing system contains the
browser which is plugged in with the phish
container and it will identify the phish site
Proceedings of National Conference on Trends in Management, Engineering & Technology
4. ABHINAV
International Monthly Refereed Journal of Research in Management & Technology
Special Issue
ISSN – 2320-0073
and automatically redirect it to the original
site, which leads into the securing the
157
information of the user from
unauthorized access. Proposed
the
Fig. 2. Block Diagram of the Anti-phishing Browser
Functionality of Browser
a) Browser: The browser must be
plugged in with the Phish-Container
so in that IP addresses can be
identified and can insert into the
phish-Container. Our browser has the
standard functions as all other
browsers work.
b) Phish-Container: It must contain the
IP addresses of the more phish sites
and redirecting must be reliable. The
phish container can be used for
checking the site if it is fake or not,
and site which is not included into
phish container can be reported as
phish site by browser if it founds
conflicts.
c) Steganography:
The
image
provided to the system must be of
good quality and text must be as after
processing of the Steganography
there should not be any loss of the
data. By steganography we can hide
any data into the Image.
d) Encryption/Decryption:
The
key
generated after the encryption and
the encrypted message must not be
guessable. By this we can protect our
data from the hackers/unauthorized
user by converting it into the
unreadable and encoded form.
Fig. 3. Functional Diagram of Browser
Proceedings of National Conference on Trends in Management, Engineering & Technology
5. ABHINAV
International Monthly Refereed Journal of Research in Management & Technology
Special Issue
ISSN – 2320-0073
Advantage
•
Extending
client.
Security identifying
phish
•
Private Browsing.
•
No need of self identifying phish sites.
•
The user side information will be kept
secure.
•
The phish container is highly protected
from unauthorized users.
Applications
•
This System can be used for secure
mailing
via
Stegnography
and
encryption and decryption.
•
In banking application to make secure
transaction.
•
Useful for providing security to the
clients by the organization which use
that Anti-phishing system
CONCLUSION
We are going to develop an Anti-phishing
browser using which the phishing can be
brought under control, which leads to secure
browsing by user. Also includes the
enhanced functionality as Steganography
and encryption and decryption of Email. As
the number of phishing scams continues to
grow and the costs of the resulting damages
increases, we believe that Anti-Phishing is a
step in the right direction and a useful
contribution for protecting users against
spoofed web site-based phishing attacks.
A phish container server and its client, both
the software are responsible for identifying
the specified site is phish site or not and also
provide the facility to report any site as a
phishing site which can be add to phish
container after cross verification.
REFERENCES
1. Building Anti-Phishing Browser PlugIns: An Experience Report Thomas
Raffetseder,
Engin
Kirda,
and
Christopher Kruegel Secure systems
158
Lab, Technical University of Vienna
tr,ek,chris}@seclab.tuwien.ac.at.
2. Bose and A. C. M. Leung, "Unveiling the
mask of phishing: Threats, preventive
measures,
and
responsibilities,"
communications of the Association for
Information Systems, vol. 19, pp. 544566, 2007.
3. Kirda and C. Kruegel, “Protecting users
against
phishing
attacks,”
The
Computer Journal, 2005.
4. [4] Anti Phishing Work Group. Phishing
attacks
trends
report.Q3
2012
http://www.antiphishing.org, Dec. 2007.
5. "A Reference Architecture for Web
Browsers"Alan Grosskurth and Michael
W. Godfrey School of Computer
Science
University
of
Waterloo,
Waterloo, ON N2L 3G1 Canada
{agrossku,migod}@uwaterloo.ca
6. Ross, C. Jackson, N. Miyake, D. Boneh,
and J. Mitchell, “A browser plug-in
solution to
The unique password
problem,”
http://
crypto.stanford.edu/PwdHash/,2005.
7. L. Wenyin, G. Huang, L. Xiaoyue, Z.
Min, and X. Deng, “Detection of
phishing WebPages based on visual
similarity.”
8. World of Computer Science and IT
Journal (WCSIT) ISSN: 2221-741, 2011
i mplementing a Web Browser with
Phishing
Detection
Techniques"
Aanchal
Jain Prof. Vineet
Richariya
vineet_rich@ yahoo.com
Lakshmi
Naraian
College
of
Technology, Bhopal(M.P.), India
9. “iTrustPage: A User-Assisted AntiPhishing Tool Troy Ronda Dept. of
Computer Science University of Toronto
Stefan Saroiu Dept. of Computer
Science University of Toronto Alec
Wolmann Microsoft Research.
10. H. Witten and E. Frank, Data Mining:
practical machine learning tools and
techniques
Proceedings of National Conference on Trends in Management, Engineering & Technology