PhisherHunter: Module design for automatic detection of phishing websites and preventing user abuse

Ganal, Samet; K���ksille, Ecir U�ur; Yal��nkaya, Mehmet Ali

Volume : 30 Issue : 2 Year : 2024

30/2Current Issue Ahead of Print Archive Most Accessed Articles Manuscript Submission

PhisherHunter: Module design for automatic detection of phishing websites and preventing user abuse [Pamukkale Univ Muh Bilim Derg]

Pamukkale Univ Muh Bilim Derg. 2023; 29(5): 468-480 | DOI: 10.5505/pajes.2022.22470

PhisherHunter: Module design for automatic detection of phishing websites and preventing user abuse

Samet Ganal¹, Ecir U�ur K��ksille², Mehmet Ali Yal��nkaya³
¹HSBC, Cyber Security Management, Istanbul
²Suleyman Demirel University,Faculty of Engineering, Department of Computer Engineering, Isparta
³Ahi Evran University, Faculty of Engineering and Architecture, Department of Computer Engineering, K�r�ehir

One of the most common cyber-attacks that users encounter on the internet are phishing websites. In the attacks that are performed on phishing websites, real websites are duplicated and published on different domain names, and users are directed to these fake websites through various social engineering techniques. Through to the website to which users are directed, they transmit some personal and confidential data such as credit card, username-password details to attackers. In this study, the establishment of the infrastructure and content of phishing internet sites has been explained, a tool named PhisherHunter created, and four different methods have been developed so as to detect such websites. Through the examination of newly registered websites, which is the main detection method, a successful detection rate of 95.4% has been achieved. Three different methods have been used in the active defense part of the study. Firstly, the hosting company has been automatically determined to stop the publication of the phishing website and a notification has been sent with a success rate of 98%. As the second active defense method, the active honeypot technique has been developed. The active honeypot method aims to enter a marked information on the phishing website and to track this information on the real website. And as the last active defense method, the method of poisoning phishing websites by using fake data has been developed. It has been observed that poisoning methods by using the techniques of active honeypot and fake data have achieved a success of 92%.

Keywords: Phishing, Phishing website, Active defense

OltalamaAvc�s�: Oltalama internet sitelerinin otomatik tespiti ve kullan�c� istismar�n�n �n�ne ge�ilmesi i�in mod�l tasar�m�

Samet Ganal¹, Ecir U�ur K��ksille², Mehmet Ali Yal��nkaya³
¹HSBC, Siber G�venlik M�d�rl��, �stanbul
²S�leyman Demirel �niversitesi, M�hendislik Fak�ltesi, Bilgisayar M�hendisli�i Ana Bilim Dal�, Isparta
³Ahi Evran �niversitesi, M�hendislik Mimarl�k Fak�ltesi, Bilgisayar M�hendisli�i Ana Bilim Dal�, K�r�ehir

G�n�m�z d�nyas�nda bilgisayar ve mobil cihazlar�n kullan�m�n�n yayg�nla�mas� internet kullan�m�n�n giderek artmas�na neden olmaktad�r. Kullan�c�lar�n internet ortam�nda en �ok kar��la�t�� siber sald�r�lardan biri oltalama internet siteleridir. Oltalama internet siteleri �zerinden ger�ekle�tirilen sald�r�larda, ger�ek internet siteleri kopyalan�p farkl� alan adlar� �zerinden yay�n yap�lmakta ve kullan�c�lar bu sahte internet sitelerine �e�itli sosyal m�hendislik teknikleriyle y�nlendirilmektedir. Kullan�c�lar y�nlendirildikleri internet sitesine g�re; kredi kart�, kullan�c� ad�-�ifre bilgileri gibi ki�isel ve gizli verilerini sald�rgana iletmi� olmaktad�r.Bu �al��mada; oltalama internet sitelerinin altyap�s�n�n ve i�eri�inin olu�turulmas� anlat�lm��, bu t�r internet sitelerini tespit etmede kullan�lacak 4 farkl� metot geli�tirilmi�tir. Ana tespit y�ntemi olan yeni kay�tl� internet sitelerinin incelenmesi ile beraber %95.4�l�k ba�ar�l� tespit oran�na ula��lm��t�r. �al��man�n aktif savunma k�sm�nda �� farkl� y�ntem kullan�lm��t�r. �lk olarak oltalama internet sitesi yay�n�n�n durdurulmas� i�in yer sa�lay�c� firma otomatik olarak tespit edilmi� ve %98 ba�ar� oran�yla bildirim g�nderilmi�tir. �kinci aktif savunma y�ntemi olarak aktif bal k�p� (honeypot) tekni�i geli�tirilmi�tir. Aktif bal k�p� y�ntemi oltalama internet sitesine i�aretli bir bilgi girilmesi ve bu bilginin ger�ek internet sitesinde takibini ama�lamaktad�r. Bu y�ntem ile sald�rgana ait pek �ok veri elde edilebilmektedir. Son aktif savunma y�ntemi olarak, oltalama internet sitelerini sahte veriler ile zehirleme metodu geli�tirilmi�tir. Bu y�ntem ile oltalama internet sitelerinin girdi alanlar� otomatik tespit edilmekte ve �ok fazla sahte veri g�nderilerek ger�ek kullan�c� bilgilerinin sald�rganlar taraf�ndan ay�rt edilmesi �nlenmeye �al��lm��t�r. Aktif bal k�p� ve sahte veri ile zehirleme y�ntemlerinin %92 ba�ar� elde etti�i g�r�lm��t�r.

Anahtar Kelimeler: Oltalama, Oltalama �nternet Sitesi, Aktif savunma

Samet Ganal, Ecir U�ur K��ksille, Mehmet Ali Yal��nkaya. PhisherHunter: Module design for automatic detection of phishing websites and preventing user abuse. Pamukkale Univ Muh Bilim Derg. 2023; 29(5): 468-480

Corresponding Author: Samet Ganal, T�rkiye
Manuscript Language: English

TOOLS Full Text PDF Print Download citation RIS EndNote BibTex Medlars Procite Reference Manager Share with email Share Send email to author Similar articles Google Scholar