MA work completed: Holistic Approach to detect Phishing Websites

Author: Marco Madritsch

Supervisor: Peter Schartner (AINF/syssec)

In cooperation with: Marcus Hassler (econob)

A phishing attack attempts to induce the victim to reveal sensitive information by means of fake messages and manipulated websites. This thesis deals with the conception and prototypical development of a holistic approach to detecting phishing websites. The architecture consists of a client-side browser extension for Mozilla Firefox and a server-side RESTful web service (see Figure 1). The implemented analysis process comprises a total of six superordinate analysis steps and evaluates a website both on the basis of certain heuristics and on the basis of a classifier and the individual surfing behavior pattern of the respective user. The evaluation of the prototype showed an accuracy of 84.17%, with a sensitivity of 78.13% and a specificity of 90.22%.

Figure 1: Architecture of the Anti-Phishing Concept