Phishing and Spoofing Websites: Detection and Countermeasures

Wee Liem Lai, Vik Tor Goh*, Timothy Tzen Vun Yap, Hu Ng

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)
113 Downloads (Pure)

Abstract

Website phishing and spoofing occur when unsuspecting users are tricked into interacting with a fraudulent website designed to impersonate a legitimate one. This is done with the intention of stealing login credentials or other personal information. The goal of this project is to develop a multi-layered URL-based malicious website detection system to counter such attacks. The proposed system employs several defence mechanisms, including whitelist filtering, API requests to domain blacklist providers, and string comparison algorithms, to accurately identify and classify websites as either legitimate or malicious. In brief, the first layer provides an initial check by matching the domain of the intended website with a predefined whitelist, while the second layer queries APIVoid (a domain blacklist provider) to conduct additional checks for domain age and reputation. Finally, to prevent typographical errors that could unintentionally redirect users to a malicious website, the last layer compares the domain of the intended website with entries in the whitelist to identify any significant similarities using the Levenshtein distance algorithm. To evaluate the system's performance, a comprehensive testing phase was conducted on a dataset containing 30 randomly selected websites, encompassing various scenarios of malicious and legitimate websites. The results show a high true positive rate of 0.94 and an overall accuracy of 0.93, indicating the system's ability to accurately classify legitimate and malicious websites. The proposed system shows promising results in accurately classifying websites and enhancing user awareness to prevent phishing and spoofing attacks.

Original languageEnglish
Pages (from-to)1672-1678
Number of pages7
JournalInternational Journal on Advanced Science, Engineering and Information Technology
Volume13
Issue number5
DOIs
Publication statusPublished - 31 Oct 2023

Keywords

  • domain name spoofing
  • multilayer malicious website detection model
  • Phishing attacks
  • user alert system

ASJC Scopus subject areas

  • General Computer Science
  • General Agricultural and Biological Sciences
  • General Engineering

Fingerprint

Dive into the research topics of 'Phishing and Spoofing Websites: Detection and Countermeasures'. Together they form a unique fingerprint.

Cite this