anti phishing attacks

77
PREVENTING PHISHING ATTACKS PREVENTING PHISHING ATTACKS INDEX: 1. INTRODUCTION 2. SYSTEM ANALYSIS 2.1 EXISTING SYSTEM 2.2 PROPOSED SYSTEM 2.3 SOFTWARE AND HARDWARE SPECIFICATION 3. SOFTWARE REQUIREMENTS SPECIFICATION 4. SOFTWARE DESCRIPTION 5. SYSTEM IMPLEMENTATION 5.1 MODULE 1. CREATION OF A MAIL SYSTEM AND DATABASE OPERATIONS 2. COMPOSES, SEND AND RECEIVE A MAIL 3. IMPLEMENTATION OF THE LINK GUARD ALGORITHM 6. CODING 7. SCREEN SHOTS 1

description

to prevent our mail system from phish mails

Transcript of anti phishing attacks

Page 1: anti phishing attacks

PREVENTING PHISHING ATTACKS

PREVENTING PHISHING ATTACKS

INDEX:

1. INTRODUCTION

2. SYSTEM ANALYSIS

2.1 EXISTING SYSTEM

2.2 PROPOSED SYSTEM

2.3 SOFTWARE AND HARDWARE SPECIFICATION

3. SOFTWARE REQUIREMENTS SPECIFICATION

4. SOFTWARE DESCRIPTION

5. SYSTEM IMPLEMENTATION

5.1 MODULE

1. CREATION OF A MAIL SYSTEM AND DATABASE OPERATIONS

2. COMPOSES, SEND AND RECEIVE A MAIL

3. IMPLEMENTATION OF THE LINK GUARD ALGORITHM

6. CODING

7. SCREEN SHOTS

1

Page 2: anti phishing attacks

PREVENTING PHISHING ATTACKS

1. INTRODUCTION

Phishing is a new word produced from 'fishing', it refers to the act that the attacker allure users to

visit a faked Web site by sending them faked e-mails and stealthily get victim's personal information such as

user name, password, and national security ID, etc.

This information then can be used for future target advertisements or even identity theft attacks (e.g.,

transfer money from victims' bank account). The frequently used attack method is to send e-mails to

potential victims, which seemed to be sent by banks, online organizations, or ISPs.

In these e-mails, they will make up some causes, e.g. the password of your credit card had been mis-

entered for many times, or they are providing upgrading services, to allure you visit their Web site to

confirm or modify your account number and password through the hyperlink provided in the e-mail.

If you input the account number and password, the attackers then successfully collect the

information at the server side, and is able to perform their next step actions with that information (e.g.,

withdraw money out from your account).Phishing itself is not a new concept, but it's increasingly used by

phishers to steal user information and perform business crime in recent years. Characteristics of phishing

hyperlinks

1) The visual link and the actual link are not the same;

2) The attackers often use dotted decimal IP address instead of DNS name;

3) Special tricks are used to encode the hyperlinks maliciously;

4) The attackers often use fake DNS names that are similar (but not identical) with the Target Web

site.

We then propose an end-host based anti-phishing algorithm which we call Link Guard, based on

the characteristics of the phishing hyperlink.

Since Link Guard is ch0aracter-based, it can detect and prevent not only known phishing attacks but

also unknown ones. It is very effective in detecting phishing attacks with minimal false negatives. Link

Guard detects 195 attacks out of the 203 phishing archives provided by APWG without knowing any

signatures of the attacks.

2

Page 3: anti phishing attacks

PREVENTING PHISHING ATTACKS

2. SYSTEM ANALYSIS

2.1 EXISTING SYSTEM

We briefly review the approaches for anti phishing.

1) Detect and block the phishing Web sites in time:

If we can detect the phishing Web sites in time, we then can block the sites and prevent phishing attacks.

It's relatively easy to (manually) determine whether a site is a phishing site or not, but it's difficult to find

phishing sites out in time. Two methods for phishing site detection.

A) The Web master of a legal Web site periodically scans the root DNS for suspicious sites (e.g. www. 1

cbc.com.cn vs. www.icbc.com.cn).

B) Since the phisher must duplicate the content of the target site, he must use tools to (automatically)

download the Web pages from the target site.

It is therefore possible to detect this kind of download at the Web server and trace back to the phisher.

Both approaches have shortcomings. For DNS scanning, it 3queries, and furthermore, many phishing

attacks simply do not require a DNS name. For phishing download detection, clever phishers may easily

write tools which can mimic the behavior of human beings to defeat the detection.

2) Enhance the security of the web sites:

The business Websites such as the Web sites of banks can take new methods to guarantee the security of

users' personal information. One method to enhance the security is to use hardware devices. For example,

the Barclays bank provides a hand-held card reader to the users. Before shopping in the net, users need to

insert their credit card into the card reader, and input their (personal identification number) PIN code, then

the card reader will produce a onetime security password, users can perform transactions only after the right

password is input. And we use biometrics characteristic (e.g. voice, fingerprint, iris, etc.) for user

authentication. For example, PayPal had tried to replace the single password verification by voice

recognition to enhance the security of the Web site.

With these methods, the phishers cannot accomplish their tasks even after they have gotten part of the

victims' information. However, all these techniques need additional hardware to realize the authentication

between the users and the Web sites hence will increase the cost and bring certain inconvenience. Therefore,

it still needs time for these techniques to be widely adopted.

3

Page 4: anti phishing attacks

PREVENTING PHISHING ATTACKS

3) Block the phishing e-mails by various spam filters: Phishers generally use e-mails as 'bait' to allure

potential victims. SMTP (Simple Mail Transfer Protocol) is the protocol to deliver e-mails in the Internet. It

is a very simple protocol which lacks necessary authentication mechanisms. Information related to sender,

such as the name and email address of the sender, route of the message, etc., can be counterfeited in SMTP.

Thus, the attackers can send out large amounts of spoofed e-mails which are seemed from legitimate

organizations. The phishers hide their identities when sending the spoofed e-mails, therefore, if anti-spam

systems can determine whether an e-mail is sent by the announced sender (Am I Whom I Say I Am?), the

phishing attacks will be decreased dramatically.

From this point, the techniques that preventing senders from counterfeiting their Send ID (e.g. SIDF of

Microsoft) can defeat phishing attacks efficiently. SIDF is a combination of Microsoft's Caller ID for E-mail

and the SPF (Sender Policy Framework) developed by Meng Weng Wong. Both Caller ID and SPF check e-

mail sender's domain name to verify if the e-mail is sent from a server that is authorized to send e-mails of

that domain and from that to determine whether that e-mail use spoofed e-mail address. If it's faked, the

Internet service provider can then determine that e-mail is a spam e-mail. The spoofed e-mails used by

phishers are one type of spam e-mails. From this point of view, the spam filters can also be used to filter

those phishing e-mails. For example, blacklist, white list, keyword filters, Bayesian filters with self learning

abilities, and E-Mail Stamp, etc., can all be used at the e-mail server or client systems.

Most of these anti-spam techniques perform filtering at the receiving side by scanning the contents and

the address of the received e-mails. And they all have pros and cons as discussed below. Blacklist and white

list cannot work if the names of the spammers are not known in advance. Keyword filter and Bayesian

filters can detect spam based on content, hence can detect unknown spasm.

But they can also result in false positives and false negatives. Furthermore, spam filters are designed for

general spam e-mails and May not very suitable for filtering phishing e-mails since they generally do not

consider the specific characteristics of phishing attacks.

4) Install online anti-phishing software in user’s computers: Despite all the above efforts, it is still

possible for the users to visit the spoofed Web sites. As a last defense, users can install anti-phishing tools in

their computers. The anti phishing tools in use today can be divided into two categories: blacklist/white list

based and rule-based.

Category I:

When a user visits a Web site, the anti phishing tool searches the address of that site in a blacklist stored

in the database. If the visited site is on the list, the anti-phishing tool then warns the users. Tools in this

category include Scam Blocker from the EarthLink Company, Phish Guard, and Net craft, etc.

4

Page 5: anti phishing attacks

PREVENTING PHISHING ATTACKS

Though developers of these tools all announced that they can update the blacklist in time, they cannot

prevent the attacks from the newly emerged (unknown) phishing sites.

Category II:

This category of tools uses certain rules in their software, and checks the security of a Web site

according to these rules.

Examples of this type of tools include Spoof Guard developed by Stanford, Trust Watch of the Geo

Trust, etc. Spoof Guard checks the domain name, URL (includes the port number) of Web site, it also

checks whether the browser is directed to the current URL via the links in the contents of e-mails. If it finds

that the domain name of the visited Web site is similar to a well-known domain name, or if they are not

using the standard port, Spoof Guard will warn the users.

In Trust Watch, the security of a Web site is determined by whether it has been reviewed by an

independent trusted third party organization. Both Spoof Guard and Trust Watch provide a toolbar in the

browsers to notify their users whether the Web site is verified and trusted.

It is easy to observe that all the above defense methods are useful and complementary to each other, but

none of them are perfect at the current stage.

2.2 PROPOSED SYSTEM

I) Classification of the hyperlinks in the phishing e-mails:

In order to (illegally) collect useful information from potential victims, phishers generally tries to

convince the users to click the hyperlink embedded in the phishing e-mail. A hyperlink has a structure as

follows.

<a href="URI "> Anchor text <\a>

where ‘URI' (universal resource identifiers) provides the necessary information needed for the user to

access the networked resource and 'Anchor text' is the text that will be displayed in user's Web browser.

Examples of URIs are:

http://www.google.com

https://www.icbc.com.cn/login.html

5

Page 6: anti phishing attacks

PREVENTING PHISHING ATTACKS

ftp://61.112.1.90:2345 .

'Anchor text' in general is used to display information related to the URI to help the user to better

understand the resources provided by the hyperlink. In the following hyperlink, the URI links to the

phishing archives provided by the APWG group, and its anchor text "Phishing Archive" informs the user

what's the hyperlink is about. <a href http://www.antiphishing.org/phishing-archive.html">Phishing Archive

</a>

Note that the content of the URI will not be displayed in user's Web browser. Phishers therefore can

utilize this fact to play trick in their 'bait' e-mails. In the rest of the paper, we call the URI in the hyperlink

the actual link and the anchor text the visual link. After analyzing the 203 (there are altogether 210 phishing

e-mails, with 7 of them with incomplete information or with malware attachment and do not have

hyperlinks) phishing email archives from Sep. 21st 33332003 to July 4th 2005 provided by APWG.

We classified the hyperlinks used in the phishing e-mail into the following categories:

1) The hyperlink provides DNS domain names in the anchor text, but the destination DNS name in the

visible link doesn't match that in the actual link. For instance, the following hyperlink:

<a href= "http://www.profusenet.net/checksession.php">

https://secure.regionset.com/EBanking/logon/</a>

Appears to be linked to secure.regionset.com, which is the portal of a bank, but it actually is linked to a

phishing site www.profusenet.net.

2) Dotted decimal IP address is used directly in the URI or the anchor text instead of DNS name. See

below for an example.

<a href= "http://61.129.33.105/secured-site/www.skyfi.

Com/ index.html?MfclSAPICommand=SignInFPP&

UsingSSL= 1"> SIGN IN</a>

3) The hyperlink is counterfeited maliciously by using certain encoding schemes.

There are two cases:

a) The link is formed by encoding alphabets into their corresponding ASCII codes. See below for such a

hyperlink.

<a href="http://034%02E%0333%34%2E%311%39%355%2E

%o340o31:%34%39%30%33/%6C/%69%6E%64%65%78

6

Page 7: anti phishing attacks

PREVENTING PHISHING ATTACKS

%2E%68%74%6D"> www.citibank.com </a>

While this link is seemed pointed www.citibank.com, it actually points to

http://4.34.195.41:34/l/index.htm.

b) Special characters (e.g. (in the visible link) are used to fool the user to believe that the e-mail is from

a trusted sender. For instance, the following link seems is linked to amazons, but it actually is linked to IP

address 69.10.142.34.

http://www.amazon.com:[email protected].

4) The hyperlink does not provide destination information in its anchor text and uses DNS names in

its URI. The DNS name in the URI usually is similar with a famous company or organization. For

instance, the following link seems to be sent from PayPal, but it actually is not.

Since PayPal -cgi is actually registered by the phisher to let the users believe that it has something to do with

PayPal.

<a href= "http://www.paypal-cgi.us/webscr.php? Cmd=Login">

Click here to confirm your account</a>

5) The attackers utilize the vulnerabilities of the target Web site to redirect users to their phishing sites or

to launch CSS (cross site scripting) attacks. For example, the following link

<a href="http://usa.visa.com/track/dyredirjsp?rDirl=

http://200.251.251.10/.verified/"> Click here <a>

Once clicked, will redirect the user to the phishing site 200.251.251.10 due to a vulnerability of

usa.visa.com.

Table 1: The Categories of Hyperlinks In Phishing E-Mails

Table 1 summarizes the number of hyperlinks and their percentages for all the categories. It can be

observed that most of the phishing e-mails use faked DNS names (category 1,44.33°O) or dotted decimal IP

7

Page 8: anti phishing attacks

PREVENTING PHISHING ATTACKS

addresses (category 2, 41.87%).Encoding tricks are also frequently used (category 3a and 3b, 17.24%). And

phishing attackers often try to fool users by setting up DNS names that are very

Similar with the real e-commerce sites or by not providing destination information in the anchor text

(category 4) . Phishing attacks that utilize the vulnerability of Web sites (category 5) are of small number

(2%) and we leave this type of attacks for future study. Note that a phishing hyperlink can belong to several

categories at the same time. For instance, an attacker may use tricks from both categories 1 and 3 at the

same time to increase his success chance. Hence the sum of percentages is larger than 1.

Once the characteristics of the phishing hyperlinks are understood, we are able to design anti-phishing

algorithms that can detect known or unknown phishing attacks in real-time.

II) LINK GUARD ALGORITHM:

This Link Guard algorithm is the concept for finding the phishing e-mails Sent by the phishers

to grasp the information’s of the end user. This algorithm comprises of some important systems they are,

1. Comm:

This collects the information of the input process, and sends these related information’s to the Analyzer.

2. Database:

Store the white list, blacklist, and the user input URLs.

3. Analyzer:

It is the key component of Link Guard, which implements the Link Guard algorithm it uses data

provided by Common and Database, and sends the results to the Alert and Logger modules.

4. Alerter:

When receiving a warning message from Analyzer, it shows the related information to alert the users

and send back the reactions of the user back to the Analyzer.

5. Logger:

Archive the history information, such as user events, alert information, for future use.

8

Page 9: anti phishing attacks

PREVENTING PHISHING ATTACKS

Fig: Link Guard Diagram

The Link Guard algorithm:

Link Guard works by analyzing the differences between the visual link and the actual link. It also calculates

the similarities of a URI with a known trusted site. The algorithm is illustrated in Fig. 1. The following

terminologies are used in the algorithm.

v_link: visual link;

a_link: actual_link;

v_dns: visual DNS name;

a_dns: actual DNS name;

sender_dns: sender’s DNS name.

int LinkGuard(v_link, a_link} {

1 v_dns = GetDNSName(v_link);

2 a_dns = GetDNSName(a_link);

3 if ((v_dns and a_dns are not

4 empty) and (v_dns != a_dns))

5 return PHISHING;

6 if (a_dns is dotted decimal)

7 return POSSIBLE_PHISHING;

8 if(a_link or v_link is encoded)

9 {

10 v_link2 = decode (v_link);

9

Page 10: anti phishing attacks

PREVENTING PHISHING ATTACKS

11 a_link2 = decode (a_link);

12 return LinkGuard(v_link2, a_link2);

13 }

14 /* analyze the domain name for

15 possible phishing */

16 if(v_dns is NULL)

17 return AnalyzeDNS(a_link);

}

Description of the Link Guard algorithm.

The Link Guard algorithm works as follows. In its main routine Link Guard, it first extracts the DNS

names from the actual and the visual links (lines 1 and 2). It then compares the actual and visual DNS

names, if these names are not the same, then it is phishing of category 1 (lines 3-5). If dotted decimal IP

address is directly used in actual dns , it is then a possible phishing attack of category 2 (lines 6 and 7). We

will delay the discussion of how to handle possible phishing attacks later. If the actual link or the visual link

is encoded

int AnalyzeDNS (actual_link) {

/* Analyze the actual DNS name according

to the blacklist and whitelist*/

18 if (actual_dns in blacklist)

19 return PHISHING;

20 if (actual_dns in whitelist)

21 return NOTPHISHING;

22 return PatternMatching(actual_link);

}

int PatternMatching(actual_link){

23 if (sender_dns and actual_dns are different)

24 return POSSIBLE_PHISHING;

25 for (each item prev_dns in seed_set)

26 {

27 bv = Similarity(prev_dns, actual_link);

28 if (bv == true)

10

Page 11: anti phishing attacks

PREVENTING PHISHING ATTACKS

29 return POSSIBLE_PHISHING;

30 }

31 return NO_PHISHING;

}

float Similarity (str, actual_link) {

32 if (str is part of actual_link)

33 return true;

34 int maxlen = the maximum string

35 lengths of str and actual_dns;

36 int minchange = the minimum number of

37 changes needed to transform str

38 to actual_dns (or vice verse);

39 if (thresh<(maxlen-minchange)/maxlen<1)

40 return true

41 return false;

}

The subroutines used in the Link Guard algorithm. (Categories 3 and 4), we first decode the links, then

recursively call Link Guard to return a result (lines 8-13). When there is no destination information (DNS

name or dotted IP address) in the visual link (category 5), Link Guard calls AnalyzeDNS to analyze the

actual DNS (lines 16 and 17). Link Guard therefore handles all the 5 categories of phishing attacks.

AnalyzeDNS and the related subroutines are depicted in Fig. 2. In AnalyzeDNS, if the actual dns name is

contained in the Blacklist, then we is sure that it is a phishing attack (lines 18 and 19). Similarly, if the

actual DNS is contained in the white list, it is therefore not a phishing attack (lines 20 and 21).

If the actual DNS is not contained in either white list or blacklist, Pattern Matching is then

invoked (line 22). Pattern Matching is designed to handle unknown attacks (blacklist/white list is useless in

this case). For category 5 of the phishing attacks, all the information we have is the actual link from the

hyperlink (since the visual link does not contain DNS or IP address of the destination site), which provide

very little information for further analysis. In order to resolve this problem, we try two methods: First, we

extract the sender email address from the e-mail. Since phishers generally try to fool users by using

(spoofed) legal DNS names in the sender e-mail address, we expect that the DNS name in the sender

address will be different from that in the actual link. Second, we proactively collect DNS names that are

manually input by the user when she surfs the Internet and store the names into a seed set, and since these

11

Page 12: anti phishing attacks

PREVENTING PHISHING ATTACKS

names are input by the user by hand, we assume that these names are trustworthy. Pattern Matching then

checks if the actual DNS name of a hyperlink is different from the DNS name in the sender’s address (lines

23 and 24), and if it is quite similar (but not identical) with one or more names in the seed set by invoking

the Similarity (lines 25-30) procedure.

iii) LINK GUARD IMPLEMENTED CLIENT:

Link-Guard is the careful analysis of the characteristics of phishing hyperlinks. Link Guard has a

verified very low false negative rate for unknown phishing attacks.

This Link Guard algorithm is the concept for finding the phishing e-mails Sent by the phishers to grasp

the information of the end user, So each end user will be implemented with the Link Guard algorithm, After

implementing the Link Guard algorithm now the end user may able to find the phishing attacks, and can

avoid responding phishing e-mails .Since Link Guard is character-based, it can detect and prevent not only

known phishing attacks but also unknown ones.

iv) FEASIBILITY STUDY:

Since Link Guard is a rule-based heuristic algorithm, it may because false positives (i.e., treat non-

phishing site as phishing site) and false negatives (i.e., treat phishing site as non phishing site).

In what follows, we show that Link Guard may result in false positives but is very unlikely to cause

harmful false negatives.

For phishing attacks of category 1, we are sure that there is no false positive or false negatives, since

the DNS names of the visual and actual links are not the same.

It is also easy to observe that Link Guard handles categories 3 and 4 correctly since the encoded links

are first decoded before further analysis.

For category 2, Link Guard may result in false positives, since using dotted decimal IP addresses

instead of domain names may be desirable in some special circumstances (e.g., when the DNS names

are still not registered).

For category 5, Link Guard may also result in false positives. For example, we know that both

'www.iee.org' and 'www.ieee.org' are legal Web sites. But these two DNS names have a similarity

index of 3/4, hence is very likely to trigger a false positive.

12

Page 13: anti phishing attacks

PREVENTING PHISHING ATTACKS

For category 5, Link Guard may also result in false negatives. False negatives are more harmful than

false positives, since attackers in this case will succeed in leading the victim to the phishing sites.

<”application.htm"> Click here </a> We note that this kind of false negatives is very unlikely to result

in information leakage, since the end user is very unlikely to have information the attack interested

(since the DNS name in this link is not similar with any legal Web sites).

2.3 SOFTWARE AND HARDWARE SPECIFICATION

2.3.1 HARDWARE REQUIREMENTS

Hard disk : 20 GB and above

RAM : 256 MB and above

Processor speed : 1.6 GHz and above

2.3.2 SOFTWARE REQUIREMENTS

Operating System : Windows 2000/XP

Documentation Tool : Ms word 2000

2.3.3 TECHNOLOGIES USED

JSP Servlets Apache Tomcat 5.5

2.3.4 DATABASE

Oracle XE

13

Page 14: anti phishing attacks

PREVENTING PHISHING ATTACKS

3. Software Requirements Specification

1.0. Introduction

1.1. Purpose

The purpose of this document is to present a detailed description of the Preventing Publishing

System. It will explain the purpose and features of the system, the interfaces of the system, what the system

will do, the constraints under which it must operate and how the system will react to external stimuli. This

document is intended for both the stakeholders and the developers of the system and will be proposed to the

Regional Historical Society for its approval.

1.2. Scope of Project

This software system will be a Preventing Publishing Attacks System .This system will be designed to

protect user by providing alertness in user to protect from phishing attacks and loss of securable information

which would otherwise may loss.More specifically, this system is designed to allow a user to manage and

communicate with everyone who are actually authorized this done by sending and receiving E-Mail as here

we are using e-mail system.

1.3. Definitions, Abbreviations, Acronyms:

Comm: Collects the information of the input process, and sends these related Information’s to the Analyzer.

Data Base: Store the white list, blacklist, and the user input URLs.

Analyzer: It is the key component of Link Guard, which implements the Link Guard algorithm it uses data

provided by Comm and Database, and sends the results to the Alert and Logger modules.

Web Site: A place on the World Wide Web.

Alerter: When receiving a warning message from Analyzer, it shows the related information to alert the

users and send back the reactions of the user back to the Analyzer.

Logger: Achieve the history information, such as user events, alert information, for future use.

Phish Box: This contains all the prevented phish mails which tries to steal user’s valuable data.

Inbox: This contains the mails which are allowed the user to access.

Compose Mail: This is to send the mail to others.

Software Requirements Specification: A document that completely describes all of the functions of a

proposed system and the constraints under which it must operate. Stakeholder: Any person with an

interest in the project who is not a developer.

14

Page 15: anti phishing attacks

PREVENTING PHISHING ATTACKS

User: client who use this software.

Phisher: He is the attacker who tries to create loss to mail receiver.

References

IEEE. IEEE Std 830-1998 IEEE Recommended Practice for Software Requirements Specifications.

IEEE Computer Society, 1998.

Experimental Comparison of Naive Bayesian and Keyword-Based Anti-Spam Filtering with Encrypted

Personal E-mail Message.In Proc. SIGIR 2000, 2000.

The Anti-phishing working group. http://www.antiphishing.org/.Neil Chou, Robert Ledesma, Yuka

Teraguchi, Dan Boneh, and John C.Mitchell. Client-side defense against web-based identity theft. In

Proc.NDSS 2004, 2004.

Cynthia Dwork, Andrew Goldberg, and Moni Naor. On Memory-Bound.Functions for Fighting Spam.

In Proc. Crypto 2003, 2003.

1.4. Overview of Document

The Overall Description section, of this document gives an overview of the functionality of the

product. It describes the informal requirements and is used to establish a context for the technical

requirements specification in the next chapter.

The third chapter, Requirements Specification section, of this document is written primarily for the

developers and describes in technical terms the details of the functionality of the product.

Both sections of the document describe the same software product in its entirety, but are intended for

different audiences and thus use different language.

2.0 Overall Description

2.1 Product Perspective

We briefly review the approaches for anti phishing.

1) Detect and block the phishing Web sites in time:

It is manually easy but not always possible to detect and blocking web sites based on phishing or not.

2) Enhance the security of the web sites:

The business Websites such as the Web sites of banks can take new methods like using hardware

devices for example Barclays bank provides a hand-held card reader to the users.

15

Page 16: anti phishing attacks

PREVENTING PHISHING ATTACKS

And they need to insert their credit card into the card reader, and input their (personal identification

number) PIN code and security password, then only users can perform transactions. However, all these

techniques need additional hardware to realize the authentication between the users and the Web

sites .Therefore, it still needs time for these techniques to be widely adopted.

3) Block the phishing e-mails by various spam filters:

Phishers generally use e-mails as 'bait' to allure potential victims. SMTP (Simple Mail Transfer

Protocol) is the protocol to deliver e-mails in the Internet which lacks necessary authentication mechanism.

Information related to sender, such as the name and email address of the sender, route of the message, etc.,

can be counterfeited in SMTP.

Thus phisher can send easily spoofed e-mails. if anti-spam systems can determine whether an e-mail is

sent by the announced sender (Am I Whom I Say I Am?), the phishing attacks will be decreased

dramatically.

4) Install online anti-phishing software in user’s computers:

Despite all the above efforts, it is still possible for the users to visit the spoofed Web sites. As a last

defense, users can install anti-phishing tools in their computers. The anti phishing tools in use today can be

divided into two categories: blacklist/white list based and rule-based.

Category I:

When a user visits a Web site, the anti phishing tool searches the address of that site in a blacklist stored

in the database. If the visited site is on the list, the anti-phishing tool then warns the users.

Category II:

This category of tools uses certain rules in their software, and checks the security of a Web site

according to these rules.

In the proposed system we can enhance advanced properties which avoids above dis-advantages.

2.1.1 SYSTEM INTERFACES

JAVA MAIL API

Email is probably the most widely used methods of communication. A J2EE application is able to send

and receive email messages through the use of the Java mail API. It is protocol independent and can send

and receive messages created by a J2EE application via email using existing email protocols.

It provides a set of abstract classes defining objects that comprise a mail system. The API defines classes

like message, store and transport. The API can be extended and can be sub classed to provide new protocols

and to add functionality when necessary.

16

Page 17: anti phishing attacks

PREVENTING PHISHING ATTACKS

JAVA MAIL LAYERED ARCHITECTURE

The Java Mail architectural components are layered as shown below:

The abstract layer declares classes, interfaces and abstract methods intended to support mail handling

functions that all mail system support.

The internet implementation layer part of the abstract layer using Internet standards

Java mail uses the Java Beans Activation Frame work (JAF) in order to encapsulate message data and to

handle commands intended to interact with the data.

2.1.2 Hardware Interfaces:

The selection of hardware is very important in the existence and proper working of any software. In the

selection of hardware, the size and the capacity requirements are also important.

Pentium processor - 233 MHZ or above

RAM Capacity - 256MB

Hard Disk - 40GB

Input Device - Standard keyboard and mouse

Output device - High Resolution monitor

2.1.3 Software Interfaces:

One of the most difficult tasks is that, the selection of the software, once system requirement is known

then determining whether a particular software package fits the requirements is seen.

Operating System - Windows Xp

Browser - IE, Mozilla.

Web/Application Server - Tomcat

Database Server - Oracle 10g

Database Connectivity - JDBC

Other Tools & Technologies - Java (JDK), Servlets (JSDK),HTML.

2.1.4 Communication Interfaces:

Here we use Mail System through which user can interact with other users by sending mails.

2.1.5 Operations:

We use the database for storing and backup which will be done by Logger component in Link Guard. In

case of failures we can perform recovery using the database.

2.1.6 Site Adaption Requirements:

17

Page 18: anti phishing attacks

PREVENTING PHISHING ATTACKS

Future work includes further extending the Link Guard algorithm, so that it can handle CSS (cross site

scripting) attacks.Cross-site scripting (CSS) is a type of computer security vulnerability typically found

in web applications which allow code injection by malicious web users into the web pages viewed by

other users.

2.2 Product Functions

Ensure that a user’s data only goes to the intended recipient.

Prevent a user’s data from reaching an untrustworthy recipient.

Prevent an attacker from abusing a user’s data.

Prevent an attacker from modifying a user’s account.

Prevent an attacker from viewing a user’s account.

Protecting users from blocking phish mails.

2.3 User Characteristics

User:

The user is expected to be Internet literate and be able to use a search engine.

The end users are expected to be Internet literate and to be able to use email with attachments.

The user is expected to be Windows literate and to be able to use button, pull-down menus, and similar

tools.

User should be able to detect phishing sites.

User should avoid phishing mails and avoid responding them.

User is allowed to filter the mails using Link Guard algorithm.

2.4 Constraints

2.4.1 Security:

The client system on which the Link-Guard resides will have its own security to prevent unauthorized

access of confidential data. The use of email by a receiver is on the client systems and thus is external to the

system.

2.5 Non-Functional Requirements

The physical machine to be used will be determined by the Historical Society. The software

developed here assumes the use of a tool such as Tomcat for connection between the Web pages and the

database. The speed of the Client’s connection will depend on the hardware used rather than characteristics

of this system.

18

Page 19: anti phishing attacks

PREVENTING PHISHING ATTACKS

The Link-Guard will run on the client’s PC and will contain an Access database. Access is already

installed on this computer and is a Windows operating system.

3. Specific Requirements

3.1External Interfaces:

Here we are not using any external interfaces as we are performing Link Guard algorithm at the client side.

3.2 Functions

Login : From login page user can login into site.

Registration : User uses registration form for registration.

Compose Mail : User can send mails by using compose mails.

Filter Phishing mails : Link-Guard algorithm performs filtering of phish mails.

Retrieve user details by

validation : user provided with forget password feature which can

validates and retrieve loss password.

3.3 Performance Requirements

If our system is to provide a realistic defense against phishing attacks, it must impose minimal overhead,

since a solution that significantly slows the web browsing experience will be unlikely to be adopted.

4. UML Diagrams

UML Diagrams

The UML diagram was added to illustrate a sample e-commerce transaction –in this case online

shopping– from a high level, in the form of a storyboard.

This was shown to provide an overview of how such a transaction would play out in the context of e-

business.

4.1. Use Case Diagrams:

A use case diagram is a diagram that shows a set of use cases, actors and their relationships and used to

model the context of a system, model the requirements of a system

19

Page 20: anti phishing attacks

PREVENTING PHISHING ATTACKS

Login AndRegistration: It allows the user to perform Registration & Login.

Inbox,Phish box And Compose mail: After login user can open inbox, phish box, can

compose mail.

4.2. SEQUENCE DIAGRAMS:

A sequence diagram emphasizes the time ordering of messages. It has

2 features that distinguish it from collaboration diagram.

Sequence Diagrams consists of

Objects

Relationships

Sequence diagram for Registration,Login and Home:

20

Page 21: anti phishing attacks

PREVENTING PHISHING ATTACKS

Sequence diagram for Registration,Login and Home

This shows us that how user can request and processed with registration, login & customer

home.

Customer inbox,phish box,compose mail:

Customer inbox,phish box,compose mail: This shows us that possible fields that user can enter and

identifying phish mails.

21

Page 22: anti phishing attacks

PREVENTING PHISHING ATTACKS

First there is the object lifeline that is vertical dashed line in the diagram. Second, there is the focus of

control. The focus of control is a tall, thin rectangle that shows the period of time during which an object is

performing an action.

4.3. CLASS DIAGRAMS:

A class diagram shows the existence of classes and their relationships in the logical design of a system. A

class diagram may represent all or part of the class structure of a system.

A Class consists of the following:

Classes

Interfaces

Relationships

CLASS DIAGRAMS:

1. Class diagram showing implementation of link guard algorithm.

2. Home class component is to enter into the site.

3. Signup class is to make register the user. Sign in is to access user data by login through

4. providing user name, password.

22

Page 23: anti phishing attacks

PREVENTING PHISHING ATTACKS

5. MsgForm class gives the format of message .Mail class is to access mails whatever

6. received by user by the user. Domain class for validation purpose by sending to Link

7. Guard .Link Guard class is to apply Link Guard algorithm to prevent user from phishing attacks.

8. Analyzer class is to observe the links of mails received.

23

Page 24: anti phishing attacks

PREVENTING PHISHING ATTACKS

4.4 Logical Structure of the Data

4.4.1 Database File Structure:

Fig: 4.4.1 Table for Mail list

Database will maintain list of user’s mails

Fig: 4.4.2 Table for User Details

User details will be maintained by database.

24

Page 25: anti phishing attacks

PREVENTING PHISHING ATTACKS

4. SOFTWARE DESCRIPTION

4.1 JAVA

It is a Platform Independent. Java is an object-oriented programming language developed initially by

James Gosling and colleagues at Sun Microsystems. The language, initially called Oak (named after the oak

trees outside Gosling's office), was intended to replace C++, although the feature set better resembles that of

Objective C.

4.1.1 WORKING OF JAVA

For those who are new to object-oriented programming, the concept of a class will be new to you.

Simplistically, a class is the definition for a segment of code that can contain both data (called

attributes) and functions (called methods).

When the interpreter executes a class, it looks for a particular method by the name of main, which will

sound familiar to C programmers. The main method is passed as a parameter an array of strings (similar to

the argv [] of C), and is declared as a static method.

To get output from the program, we use the println method of System.out, which is java’s output

stream. UNIX users will appreciate the theory behind such a stream, as it is actually standard output. For

those who are instead used to the Wintel platform, it will write the string passed to it to the user’s program.

Java consists of two things:

Programming language

Platform

4.1.2 THE JAVA PROGRAMMING LANGUAGE

Java is a high-level programming language that is all of the following:

Simple, Object-oriented, Distributed, Interpreted, Robust, Secure, Architecture-neutral, Portable, High-

performance, Multithreaded, Dynamic.

The Java code and can bring about changes whenever felt necessary. Some of the standard needed to

achieve the above-mentioned objectives are as follows:

Java is unusual in that each Java program is both complied and interpreted. With a compiler, you

translate a Java program into an intermediate language called Java byte codes – the platform independent

codes interpreted by the Java interpreter.

25

Page 26: anti phishing attacks

PREVENTING PHISHING ATTACKS

With an interpreter, each Java byte code instruction is parsed and run on the computer. Compilation

happens just once; interpretation occurs each time the program is executed. This figure illustrates how it

works:

Fig.4.1 Working of Java

You can think of Java byte codes as the machine code instructions for the Java Virtual Machine

(JVM). Every Java interpreter, whether it’s a Java development tool or a Web browser that can run Java

applets, is an implementation of JVM. That JVM can also be implemented in hardware. Java byte codes

help make “write once, run anywhere” possible.

You can compile your Java program into byte codes on any platform that has a Java compiler. The

byte codes can then be run on any implementation of the JVM. For example, that same Java program can e

run on Windows NT, Solaris and Macintosh.

26

Page 27: anti phishing attacks

PREVENTING PHISHING ATTACKS

Fig.4.1.2 Java Program on Different Platforms

PC-Compatible Sun Ultra Solaris Power Macintosh

Windows NT System 8

4.1.3 THE JAVA PLATFORM

A platform is the hardware or software environment in which a program runs. The Java platform

differs from most other platforms in that it’s a software-only platform that runs on top of other, hardware-

based platforms. Most other platforms are described as a combination of hardware and operating system.

The Java platform has two components:

The Java Virtual Machine (JVM) The Java Application Programming Interface (Java API)

You’ve already been introduced to the JVM. It’s the base for the Java platform and is ported onto

various hardware-based platforms.

27

Java

program

Complier

InterpreterInterpreterInterpreter

Page 28: anti phishing attacks

PREVENTING PHISHING ATTACKS

The Java API is a large collection of ready-made software components that provide many useful

capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into libraries

(packages) of related components. The following figures depict a Java program, such as an application or

applet, that’s running on the Java platform. As the figure shows, the Java API and Virtual Machine insulates

the Java program from hardware dependencies.

Fig.4.1.3: THE JAVA PLATFORM

As a platform-independent environment, Java can be a bit slower than native code. However, smart

compliers, weel-tuned interpreters, and just-in-time byte compilers’ can bring Java’s performance close to

that of native code without threatening portability.

4.2 JAVA SERVLETS:

A Java Servlet is a server-side program that is called by the user interface or another J2EE

component and contains the business logic to process a request. In this the implicit and the explicit data is

sent from a client to a server-side program in the form of a request that is processed and another set of

explicit implicit data is returned.

Explicit data is information received from the client that is typically either entered by the user in to

user interface or generated by the user interface itself. Implicit data is HTTP information that is generated

by the client rather than the user.

4.2.1 Advantages of java servlets

Only one copy of a java servlet is loaded in to the JVM no matter the number of simultaneous requests.

A java servlet has persistence. This means that the servlet remains alive after the request.

28

Page 29: anti phishing attacks

PREVENTING PHISHING ATTACKS

4.3 JAVA SERVER PAGES

A JSP is similar in design and functionality to java servlet. It is called by the client to provide a web

service, the nature of which depends on the J2EE application. However, a JSP differs from a servlet in the

way in which the JSP is written. Java Servlet is written using Java programming language and responses are

encoded as an output string object that is passed to the println () method. In contrast a JSP is written in

HTML, XML, or in the client’s format that is interspersed with scripting elements, directives, and actions

comprised of Java Programming language and JSP syntax.

There are three methods that are automatically called when the JSP is requested and the JSP terminates

normally. These are the jspInt () method, the jspDestroy () method, and the service () method.

The jspInt () method is called first when the jsp is requested and is used to initialize objects and

variables that are used throughout the life of the JSP. The jspDestroy () method is automatically called when

the JSP terminates normally. It isn’t called when the JSP abruptly terminates. The service () method is

automatically called and retrieves connection to HTTP.

The jsp programs are executed by a JSP virtual machine that runs on a web server. Therefore you will

need to have access to a JSP virtual machine to run your JSP program. One of the most popular JSP virtual

machines is TOMCAT.

4.4 APACHE TOMCAT SERVER

Apache Tomcat is a web container developed at the Apache Software Foundation. Tomcat implements

the servlet and the Java Server Pages (JSP) specifications from Sun Microsystems, providing an

environment for Java code to run in cooperation with a web server.

It adds tools for configuration and management but can also be configured by editing configuration

files that are normally XML-formatted. Because Tomcat includes its own HTTP server internally, it is also

considered a standalone web server.

Environment: Tomcat is a web server that supports servlets and JSPs. Tomcat comes with

the Jasper compiler that compiles JSPs into servlets .

Tomcat can also function as an independent web server. Earlier in its development, the perception

existed that standalone Tomcat was only suitable for development environments and other environments

with minimal requirements for speed and transaction handling. However, this no longer exists; it is

increasingly used as a standalone web server in high-traffic, high-availability environments. Since its

developers wrote Tomcat in Java, it runs on any operating system that has a JVM.

29

Page 30: anti phishing attacks

PREVENTING PHISHING ATTACKS

Product Features

Tomcat 3.x (initial release).

Implements the Servlet 2.2 and JSP 1.1 specifications.

Servlet reloading.

Basic HTTP functionality.

Tomcat 4.x

Implements the Servlet 2.3 and JSP 1.2 specifications

Servlet container redesigned as Catalina.

JSP engine redesigned as Jasper.

Coyote connector.

Java Management Extensions (JMX), JSP and Struts-based administration.

Tomcat 5.x

Implements the Servlet 2.4 and JSP 2.0 specifications.

Reduced garbage collection, improved performance and scalability.

native Windows and Unix wrappers for platform integration

Faster JSP parsing.

History:

Tomcat started off as a servlet specification implementation by James Duncan Davidson, a software

architect at Sun. He later helped make the project open source and played a key role in its donation by Sun

to the Apache Software Foundation.

Davidson had initially hoped that the project would become open-sourced and, since most open-source

projects had O'Reilly books associated with them featuring an animal on the cover, he wanted to name the

project after an animal. He came up with Tomcat since he reasoned the animal represented something that

could take care of and fend for itself. His wish to see an animal cover eventually came true when O'Reilly

published their Tomcat book with a tomcat on the cover.

4.5 JAVA MAIL API

Email is probably the most widely used methods of communication. A J2EE application is able to send

and receive email messages through the use of the Java mail API. It is protocol independent and can send

and receive messages created by a J2EE application via email using existing email protocols.

30

Page 31: anti phishing attacks

PREVENTING PHISHING ATTACKS

It provides a set of abstract classes defining objects that comprise a mail system. The API defines classes

like message, store and transport. The API can be extended and can be sub classed to provide new protocols

and to add functionality when necessary.

JAVA MAIL LAYERED ARCHITECTURE

The Java Mail architectural components are layered as shown below:

The abstract layer declares classes, interfaces and abstract methods intended to support mail

handling functions that all mail system support.

The internet implementation layer part of the abstract layer using Internet standards

Java mail uses the Java Beans Activation Frame work (JAF) in order to encapsulate

message data and to handle commands intended to interact with the data.

4.6 SYSTEM DESIGN

4.6.1 Database File Structure:

Fig: 4.6.1.1 Table for Mail list

Here database will maintain list of user’s mails.

Fig: 4.6.1.2 Table for User Details

31

Page 32: anti phishing attacks

PREVENTING PHISHING ATTACKS

User details will be maintained by database.

32

Page 33: anti phishing attacks

PREVENTING PHISHING ATTACKS

4.6.2. Data Flow Diagram

Fig.4.6.2: Login and user details verification

Phishing can generally occur with Banking websites or e-shopping websites. This project explains the

implementation of the Link Guard using a mail-box system. Every time a new user signs in his details are

written in to the database. Every time an existing user logs on his details are checked up for with the

database.

33

Page 34: anti phishing attacks

PREVENTING PHISHING ATTACKS

This module deals with the user interface for the home page, sign-in, sign-up and forgot your password

pages. This module enables a new user to Sing-Up. It also enables an existing user to Sign-In. The user may

use the Forget password link if he did forget his password. The password is retrieved on the basis of security

question and answer given by the user.Database operation manages the users. Every time a new user signs

in his details are written in to the database.

UML Diagrams

The UML diagram was added to illustrate a sample e-commerce transaction –in this case online

shopping– from a high level, in the form of a storyboard.

This was shown to provide an overview of how such a transaction would play out in the context of e-

business.

This was followed by an animation for brief but clear understanding of the sample.

Use case Diagrams:

A use case diagram is a diagram that shows a set of use cases and actors and their relationships. It is

used to model the context of a system and to model the requirements of a system.

User Registration &Login

It allows the user to perform Registration & Login.

34

Page 35: anti phishing attacks

PREVENTING PHISHING ATTACKS

User accessing mailbox

After login user can open inbox, phish box, can compose mail.

Sequence Diagrams:

A sequence diagram emphasizes the time ordering of messages. It has 2 features that distinguish it from

a collaboration diagram. First there is the object lifeline that is vertical dashed line in the diagram. Second,

there is the focus of control. The focus of control is a tall, thin rectangle that shows the period of time during

which an object is performing an action.

User Registration

Sequence diagram shows user registration, login & customer home page.

35

Page 36: anti phishing attacks

PREVENTING PHISHING ATTACKS

User Login

Sequence diagram shows user login.

CLASS DIAGRAMS

A class diagram shows the existence of classes and their relationships in the logical design of a system. A

class diagram may represent all or part of the class structure of a system.

A Class consists of the following:

Classes

36

Page 37: anti phishing attacks

PREVENTING PHISHING ATTACKS

Interfaces

Relationships

CLASS DIAGRAM:

Class diagram showing implementation of link guard algorithm .

1. Class diagram showing implementation of link guard algorithm.

2. Home class component is to enter into the site.

3. Signup class is to make register the user. Sign in is to access user data by login through

4. providing user name, password.

37

Page 38: anti phishing attacks

PREVENTING PHISHING ATTACKS

5. MsgForm class gives the format of message .Mail class is to access mails whatever

6. received by user by the user. Domain class for validation purpose by sending to Link

7. Guard .Link Guard class is to apply Link Guard algorithm to prevent user from phishing attacks.

8. Analyzer class is to observe the links of mails received.

38

Page 39: anti phishing attacks

PREVENTING PHISHING ATTACKS

5. SYSTEM IMPLEMENTATION

5.1 MODULE:

1. Creation of a mail system and database operations

2. Composes, send and receive a mail

3. Implementation of the Link Guard algorithm

MODULE EXPLANATION:

Phishing can generally occur with Banking websites or e-shopping websites. This project explains the

implementation of the Link Guard algorithm using a mail-box system.

5.1.1 MODULE 1: CREATION OF A MAIL SYSTEM AND DATABASE OPERATIONS

This module deals with the user interface for the home page, sign-in, sign-up and forgot your password

pages. This module enables a new user to Sing-Up.

39

Page 40: anti phishing attacks

PREVENTING PHISHING ATTACKS

It also enables an existing user to Sign-In. The user may use the Forget password link if he did forget

his password. The password is retrieved on the basis of security question and answer given by the user.

Database operation manages the users. Every time a new user signs in his details are written in to the

database. Every time an existing user logs on his details are checked up for with the database.

5.1.2 MODULE 2: COMPOSES, SEND AND RECEIVE A MAIL

The module 2 enables the user to compose and send a mail. It also allows the user to read a received

mail. Once a mail is sent the date and the subject of the mail gets displayed. The received mail can be

checked if it is phishing or not, the implementation of which is given in the next module. The compose mail

option contains an option for spoof id. The spoof id allows the mail of the composer to be delivered with a

different from address. This is being incorporated to demonstrate the Link Guard algorithm.

Fig 5.1.2 COMPOSES, SEND AND RECEIVE A MAIL

5.1.3 MODULE 3: IMPLEMENTATION OF THE LINK GUARD ALGORITHM

The module contains the implementation of the Link Guard algorithm. It is possible for the user to

add domain names and categorize them as either white list or black list under settings. Whenever a mail is

detected as phishing the domain name in that mail automatically gets added as black list. The Link Guard

algorithm checks if the domain names fall under any of the 5 categories of hyperlinks for phishing emails. It

also refers to the database of black and white list entries and sets the status of the mail as either Phishing or

40

Send

mail

Check

Page 41: anti phishing attacks

PREVENTING PHISHING ATTACKS

Non-Phishing. Once the mail is categorized as Phishing the user can take care that he does not open the link

or submit any personal, critical information on to the website.

Fig 5.1.3. IMPLEMENTATION OF THE LINK GUARD ALGORITHM

LINK GUARD ALGORITHM:

Comm: This collects the information of the input process, and sends these related

Information’s to the Analyzer.

Database: Store the white list, blacklist, and the user input URLs.

Analyzer: It is the key component of Link Guard, which implements the Link Guard

Algorithm; it uses data provided by Comm and Database, and sends the results to the Alert

and Logger modules.

41

Page 42: anti phishing attacks

PREVENTING PHISHING ATTACKS

Alerter: When receiving warning messages from Analyzer, it shows the related information to alert the

users and send back the reactions of the user back to the Analyzer.

Logger:

Archive the history information, such as user events, alert information, for future use.

42

Page 43: anti phishing attacks

PREVENTING PHISHING ATTACKS

6. CODING

//Sample.java

import java.sql.Savepoint;

import javax.security.sasl.SaslClientFactory;

import javax.security.sasl.SaslServerFactory;

/*

* Created on Apr 8, 2008

*

* TODO to change the template for this generated file go to

* Window - Preferences - Java - Code Style - Code Templates

*/

/**

* @author user

*

* TODO To change the template for this generated type comment go to

* Window - Preferences - Java - Code Style - Code Templates

*/

public class sample implements SaslClientFactory, SaslServerFactory, Savepoint {

public static void main(String[] args) {

}

}

//Sendmail.java

import java.io.*;

import java.sql.Connection;

import java.sql.DriverManager;

import java.sql.PreparedStatement;

import java.sql.ResultSet;

import javax.servlet.*;

43

Page 44: anti phishing attacks

PREVENTING PHISHING ATTACKS

import javax.servlet.http.*;

import Appn.*;

public class Sendmail extends HttpServlet

{

public void doPost(HttpServletRequest request,HttpServletResponse response)

throws ServletException, IOException

{

PrintWriter out = response.getWriter();

String to=request.getParameter("t1").trim();

String sub=request.getParameter("t2");

String body=request.getParameter("t3");

String spoof="";

boolean result=check(to);

if (result)

{

Mail m=new Mail();

HttpSession ses=request.getSession();

boolean ack=m.send(getServletConfig().getServletContext().getInitParameter("server"),to,

(String)ses.getAttribute("user"),sub,body,spoof);

if(ack)

{

RequestDispatcher rq=request.getRequestDispatcher("compose.jsp");

request.setAttribute("msg","Your Message Sent");

rq.forward(request,response);

}

else

{

RequestDispatcher rq=request.getRequestDispatcher("compose.jsp");

44

Page 45: anti phishing attacks

PREVENTING PHISHING ATTACKS

request.setAttribute("msg","The Message Sending failure");

rq.forward(request,response);

}

}

else

{

RequestDispatcher rq=request.getRequestDispatcher("compose.jsp");

request.setAttribute("msg","The receipient not exist");

rq.forward(request,response);

}

}

public boolean check(String to)

{

boolean exist=false;

try

{

DriverManager.registerDriver( new oracle.jdbc.driver.OracleDriver() );

Connection conn =

DriverManager.getConnection( "jdbc:oracle:thin:@"+getServletConfig().getServletContext().getInitParamet

er("server"),"system","redhat" );

PreparedStatement st = conn.prepareStatement("Select * from MEMBER WHERE id =

'"+to+"'");

ResultSet rs = st.executeQuery();

while(rs.next())

{

exist=true;

}

st.close();

conn.close();

}

45

Page 46: anti phishing attacks

PREVENTING PHISHING ATTACKS

catch(Exception e)

{

e.printStackTrace();

return false;

}

return exist;

}

}

//Home.java

import java.io.*;

import javax.servlet.*;

import javax.servlet.http.*;

public class Home extends HttpServlet

{

String password;

public void doGet(HttpServletRequest request,HttpServletResponse response)

throws ServletException, IOException

{

PrintWriter out = response.getWriter();

RequestDispatcher rq=request.getRequestDispatcher("home.html");

rq.include(request,response);

}

}

7.SCREEN SHOTS

46

Page 47: anti phishing attacks

PREVENTING PHISHING ATTACKS

LOGIN FORM:

Login page allows user to login here by entering username and password to access his account.

47

Page 48: anti phishing attacks

PREVENTING PHISHING ATTACKS

REGISTRATION PAGE:

Registration page where user can enter details and create a new account .

48

Page 49: anti phishing attacks

PREVENTING PHISHING ATTACKS

INBOX:

Inbox displays messages to user.

49

Page 50: anti phishing attacks

PREVENTING PHISHING ATTACKS

PHISH BOX:

Phish box displays phishing mails received by the user.

50

Page 51: anti phishing attacks

PREVENTING PHISHING ATTACKS

COMPOSE MAIL BOX:

Compose mail box allows user to send messages to different people.

51

Page 52: anti phishing attacks

PREVENTING PHISHING ATTACKS

EXECUTION

Process of Execution that takes at the time of running of project.

52

Page 53: anti phishing attacks

PREVENTING PHISHING ATTACKS

8. SYSTEM TESTING

Testing is performed to identify errors. It is used for quality assurance. Testing is an integral part of the

entire development and maintenance process. The goal of the testing during phase is to verify that the

specification has been accurately and completely incorporated into the design, as well as to ensure the

correctness of the design itself.

For example the design must not have any logic faults in the design is detected before coding

commences, otherwise the cost of fixing the faults will be considerably higher as reflected. Detection of

design faults can be achieved by means of inspection as well as walkthrough.

Testing is one of the important steps in the software development phase. Testing checks for the errors,

as a whole of the project testing involves the following test cases:

Static analysis is used to investigate the structural properties of the Source code.

Dynamic testing is used to investigate the behavior of the source code by executing the program on the

test data.

8.1 TEST DATA AND OUTPUT

8.1.1 UNIT TESTING:

Unit testing is conducted to verify the functional performance of each modular component of the

software. Unit testing focuses on the smallest unit of the software design (i.e.), the module. The white-box

testing techniques were heavily employed for unit testing.

8.1.2 VALIDATION TESTING:

Validation testing is used to test whether the user has entered details correctly or not.

Validation testing is applied for each of the fields present in the form or an application. The below login

form indicates that the user name and password are not entered by user. So, on

Clicking submit button the error message displayed as ‘This is required field’.

53

Page 54: anti phishing attacks

PREVENTING PHISHING ATTACKS

Validation Testing:

Validation will be checked when user not fills details fields.

8.1.3. INTEGRATION TESTING:

Integration testing is a systematic technique for construction the program structure while at the same

time conducting tests to uncover errors Sof modules which makes up the product. The objective is to take

untested modules and build a program structure tester should identify critical modules. Critical modules

should be tested as early as possible. One approach is to wait until all the units have passed testing, and

then combine them and then tested. This approach is evolved from unstructured testing of small programs.

Another strategy is to construct the product in increments of tested units.

A small set of modules are integrated together and tested, to which another module is added and tested

in combination. And so on. The advantages of this approach are that, interface dispenses can be easily

found and corrected.

54

Page 55: anti phishing attacks

PREVENTING PHISHING ATTACKS

The major error that was faced during the project is linking error. When all the modules are combined

the link is not set properly with all support files. Then we checked out for interconnection and the links.

Errors are localized to the new module and its intercommunications. The product development can be

staged, and modules integrated in as they complete unit testing. Testing is completed when the last

module is integrated and tested.

Integration Testing:

This error message will be displayed when integration between database and process.

55

Page 56: anti phishing attacks

PREVENTING PHISHING ATTACKS

9. CONCLUSION

Phishing has becoming a serious network security problem, causing finical lose of billions of dollars

to both consumers and e-commerce companies. And perhaps more fundamentally, phishing has made e-

commerce distrusted and less attractive to normal consumers. In this paper, we have studied the

characteristics of the hyperlinks that were embedded in phishing e-mails.

We then designed an anti-phishing algorithm, Link-Guard, based on the derived characteristics.

Since Phishing-Guard is characteristic based, it can not only detect known attacks, but also is effective to

the unknown ones. We have implemented Link Guard for Windows XP. Our experiment showed that Link

Guard is light-weighted and can detect up to 96% unknown phishing attacks in real-time.

We believe that Link Guard is not only useful for detecting phishing attacks, but also can shield

users from malicious or unsolicited links in Web pages and Instant messages.

56

Page 57: anti phishing attacks

PREVENTING PHISHING ATTACKS

10. FUTURE ENHANCEMENT

Our future work includes further extending the Link Guard algorithm, so that it can handle CSS

(cross site scripting) attacks.

Cross-site scripting (CSS) is a type of computer security vulnerability typically found in web

applications which allow code injection by malicious web users into the web pages viewed by other users.

Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting

vulnerability can be used by attackers to bypass access controls such as the same origin policy.

Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.

Cross-site scripting was originally referred to as CSS, although this usage has been largely discontinued

(due to confusion with Cascading Style Sheets).

57

Page 58: anti phishing attacks

PREVENTING PHISHING ATTACKS

11. BIBLIOGRAPHY

1) Androutsopoulos, J. Koutsias, K.V Chandrinos, and C.D. Spyropoulos.An Experimental Comparison of Naive Bayesian and Keyword-Based Anti-Spam Filtering with Encrypted Personal E-mail Message.In Proc. SIGIR 2000, 2000.

2) The Anti-phishing working group. http://www.antiphishing.org/.Neil Chou, Robert Ledesma, Yuka Teraguchi, Dan Boneh, and John C.Mitchell. Client-side defense against web-based identity theft. In Proc.NDSS 2004, 2004.

3) Cynthia Dwork, Andrew Goldberg, and Moni Naor. On Memory-Bound.Functions for Fighting Spam. In Proc. Crypto 2003, 2003.

4) EarthLink. ScamBlocker. http://www.earthlink.net/software/free/toolbar/.5) David Geer. Security Technologies Go Phishing. IEEE Computer, 38 (6):18-21, 2005.6) John Leyden. Trusted search software labels fraud site as safe’.

http://www.theregister.co.uk/2005/09/27/untrusted- search/.7) Microsoft. Sender ID Framework. http://www.microsoft.com/

8) mscorp/safety/technologies/senderid/default.mspx.

9) Net craft. Net craft toolbar. http://toolbar.netcraft.com/.

10) PhishGuard.com. Protect Against Internet Phishing Scamshttp://www.phishguard.com/.

11) Jonathan B. Postel. Simple Mail Transfer Protocol. RFC821:http:llwww.ietf. org/rfc/rfcO82 1 .txt.

12) Georgina Stanley. Internet Security - Gone phishing.http://www.cyota.com/news.asp?id=1 14.

13) Meng Weng Wong. Sender ID SPF.http://www.openspf.org/whitepaper.pdf.

58