ABHINAV

International Monthly Refereed Journal of Research in Management & Technology Special Issue ISSN 2320-0073

154

ANTI-PHISHING ENABLED WEB BROWSER TO PREVENT HACKING WITH STEGANOGRAPHY AND CRYPTOGRAPHY
*Sumeet Jaisinghani **Priyanka Sharma ***Renuka Wagh ****Pooja Thete Student, SND College of Engineering& Research Centre Yeola, India

ABSTRACT Many anti-phishing mechanisms currently focus on helping users verify whether a web site is genuine. In our project, instead of preventing human users from biting the bait, we propose a new approach to protect against phishing attacks with bogus bites. We develop Browser, a unique client-side anti-phishing tool, which transparently feeds a relatively large number of bogus credentials into a suspected phishing site. Our browser conceals a victims real credential among bogus credentials, and moreover, it enables a legitimate web site to identify stolen credentials in a timely manner. Leveraging the power of client-side automatic phishing detection techniques, our browser is complementary to existing preventive anti-phishing approaches. Also the additional functionalities are included in the browser as the Steganography and the Encryption & Decryption of the data or E-mail Keywords: Anti-phishing, browser, hacking, phishing, Steganography, Cryptography INTRODUCTION Our project provides anti-phishing by automatically avoiding phish site (fake site) as we have to specify the site which can redirect to fake site. and when we open our system when we again wants to open that affected site then our Phish-tank looks for if that site have been requested for proving anti-phishing or if not so then it checks that site is of the category whose fake site or phish site is present on internet on not, and then it will avoid the phish site and redirect to the original site. A. Project Scope Can used for the secure browsing and to prevent information from the hackers. For secure and safe communication via Steganography and the Encryption / decryption of the data. Very easy to use and useful for securing information. As there are many browsers which provide the anti-phishing technique there is one overhead of identifying the phishing sites by practice or knowledge, so we are going to develop a Browser where the phish site will automatically rejected by browser if it found conflict. LITERATURE SURVEY The World Wide Web (WWW) is a shared information system which operates on top of the Internet. Web browsers access that content and display from remote web servers using a stateless and anonymous protocol called Hypertext Transfer Protocol (HTTP). The other features of the Browsers are bookmarking, history, password management, and accessibility features to put up users into the inability. [5] Phishing can be classified into various types of attacks depending on the various channels of propagation. [6] These include malware, phishing emails, fake Web sites, and identity theft. Malware is an

Proceedings of National Conference on Trends in Management, Engineering & Technology

ABHINAV
International Monthly Refereed Journal of Research in Management & Technology Special Issue ISSN 2320-0073

155

application with malicious code that is distributed to the public via email or malicious Web sites. The active attack and the passive attack can be happen with phishing as replay attack, masquerade attack, denial of service attack. When victims access phishing emails or phishing Web sites, there is a chance that malware will be installed on the host computer and

will steal personal information related to the customer surreptitiously. [8] The Mozilla Firefox which was first browser with the technique of preventing phishing attack. The Mozilla Firefox then has been which was implemented in middle 2004 have introduced the anti phishing technique plugged in with the browser.

Fig. 1. Phishing attack report upto September 2012[4] Table 1. Released History for all Major Web Browser Sr. no. 1 2 3 4 Browser name LYNX Mosaic Netscape Internet Explorer Opera konqueror Galleon safari Closed source 1.0,2.0 1.0,2.0(96) ,3.0(97) 1.0,2.0(95),3.0(96), 4.0(97),4.5(98) 1.0,2.0,3.0(95)4.0(9 7)5.0(99),5.5(00),6.0 (01) 7.0(06),8.0(09) 2.0(96),3.0(97) 4.0-6.0(00)7.0(03), 1.0(98),2.0(00,3. 0 (02) 1.0(01),1.2(02) 1.0(03),2.0(0 5)3.0(07), 3.1(08),4.0 (09),5.0(10) 1.0,1.5(05),2.0(0 6) 3.0(08), 3.5 (09),3.6(10) 4.09.0(11) 10.0(12) 5.1 (july 011) Open source 2.4(95) Hybrid 6.0(00),7.0 (02)8.0(05) 9.0 (march 14 11) 11.61 (feb 12) Latest version 2.85(04)

5 6 7 8

Firefox

16.1(dec 12)

Proceedings of National Conference on Trends in Management, Engineering & Technology

ABHINAV
International Monthly Refereed Journal of Research in Management & Technology Special Issue ISSN 2320-0073

156

Table 1. Released History for all Major Web Browser (Contd.) Sr. no. 10 Browser name Chrome Closed source 1.0(08),2.0,3.0(09) 4.0-8.0(2010) 9.0-16.0(2011) Open source Hybrid Latest version 17.0(12)

History of Anti-Phishing Now days there are number of antiphishing solutions are available. Some approaches attempt to solve the phishing problem at the e-mail level. That is, they try to prevent phishing e-mails from reaching the potential victims by means of filters and content analysis. [4] In 2005, Mozilla have developed Firefox anti-phishing browser plug-in called AntiPhish. After releasing Anti-Phish it has been port to the Microsoft Internet Explorer (IE) browser. [1]. Supporting IE was important because a majority of Internet users are accessing the web with this browser. So, browser plug-ins is conceptually similar with the implementation of the new anti-phishing browser. The different basic anti-phishing techniques are Social response, technical response, helping to identify legitimate websites, Augmenting password logins, Eliminating phishing mail, Monitoring and takedown. In our project we are also developing the phishing detection technique which will be plugged in with the browser. Present Theory & Practices Phish-Tank is an anti-phishing site. PhishTank was launched in October 2006 by entrepreneur David Ulevitch as an offshoot of OpenDNS. The company offers a community-based phish verification system where users submit suspected phishes and other users "vote" if it is a phish or not.[7] Other browser like Mozilla, Opera provide avoiding phishing but you have to specify the IP address of fake site or block the sites which can lead into phishing or hacking[5].

Spam Filters and Blacklists One approach relies on spam filters and blacklists to automatically prevent users from visiting a phishing Web page. Already there are many phishing-specific filters for popular email software (e.g., Exchange Server 2003 SP2, Outlook, and Spam Assassin. [9] The Anti-Phishing Working Group (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to cyber crime through development of data resources, data standards and model response systems and protocols for private and public sectors. The APWG collects, analyzes, and exchanges lists of verified credential collection sites, like those used in Phishing. [4] Proposed System Architecture The above Diagram shows the Block Diagram of the Anti-phishing browser, in which the system is providing security to the user form the phish site, as the phish Container is containing the information about the Domain Name and the IP addresses of the fake sites. It works as when user enter the domain name or have clicked on any web Link which can redirect to the phish site, then the Anti-phishing system check if the entered domain or IP is of phish contents or not by comparing with the information stored into the phish container. And if it founds conflict then the phish container will redirect to the original site by avoiding to the phish site. And if the domain or entered IP is of the original contents then it will redirect to the original in the secured mode. The Anti-phishing system contains the browser which is plugged in with the phish container and it will identify the phish site

Proceedings of National Conference on Trends in Management, Engineering & Technology

ABHINAV
International Monthly Refereed Journal of Research in Management & Technology Special Issue ISSN 2320-0073

157
the

and automatically redirect it to the original site, which leads into the securing the

information of the user from unauthorized access. Proposed

Fig. 2. Block Diagram of the Anti-phishing Browser Functionality of Browser a) Browser: The browser must be plugged in with the Phish-Container so in that IP addresses can be identified and can insert into the phish-Container. Our browser has the standard functions as all other browsers work. b) Phish-Container: It must contain the IP addresses of the more phish sites and redirecting must be reliable. The phish container can be used for checking the site if it is fake or not, and site which is not included into phish container can be reported as phish site by browser if it founds conflicts. c) Steganography: The image provided to the system must be of good quality and text must be as after processing of the Steganography there should not be any loss of the data. By steganography we can hide any data into the Image. d) Encryption/Decryption: The key generated after the encryption and the encrypted message must not be guessable. By this we can protect our data from the hackers/unauthorized user by converting it into the unreadable and encoded form.

Fig. 3. Functional Diagram of Browser

Proceedings of National Conference on Trends in Management, Engineering & Technology

ABHINAV
International Monthly Refereed Journal of Research in Management & Technology Special Issue ISSN 2320-0073

158

Advantage Extending client. Security identifying phish

Lab, Technical University of Vienna tr,ek,chris}@seclab.tuwien.ac.at. 2. Bose and A. C. M. Leung, "Unveiling the mask of phishing: Threats, preventive measures, and responsibilities," communications of the Association for Information Systems, vol. 19, pp. 544566, 2007. 3. Kirda and C. Kruegel, Protecting users against phishing attacks, The Computer Journal, 2005. 4. [4] Anti Phishing Work Group. Phishing attacks trends report.Q3 2012 http://www.antiphishing.org, Dec. 2007. 5. "A Reference Architecture for Web Browsers"Alan Grosskurth and Michael W. Godfrey School of Computer Science University of Waterloo, Waterloo, ON N2L 3G1 Canada {agrossku,migod}@uwaterloo.ca 6. Ross, C. Jackson, N. Miyake, D. Boneh, and J. Mitchell, A browser plug-in solution to The unique password problem, http:// crypto.stanford.edu/PwdHash/,2005. 7. L. Wenyin, G. Huang, L. Xiaoyue, Z. Min, and X. Deng, Detection of phishing WebPages based on visual similarity. 8. World of Computer Science and IT Journal (WCSIT) ISSN: 2221-741, 2011 i mplementing a Web Browser with Phishing Detection Techniques" Aanchal Jain Prof. Vineet Richariya vineet_rich@ yahoo.com Lakshmi Naraian College of Technology, Bhopal(M.P.), India 9. iTrustPage: A User-Assisted AntiPhishing Tool Troy Ronda Dept. of Computer Science University of Toronto Stefan Saroiu Dept. of Computer Science University of Toronto Alec Wolmann Microsoft Research. 10. H. Witten and E. Frank, Data Mining: practical machine learning tools and techniques

Private Browsing. No need of self identifying phish sites. The user side information will be kept secure. The phish container is highly protected from unauthorized users.

Applications This System can be used for secure mailing via Stegnography and encryption and decryption. In banking application to make secure transaction. Useful for providing security to the clients by the organization which use that Anti-phishing system

CONCLUSION We are going to develop an Anti-phishing browser using which the phishing can be brought under control, which leads to secure browsing by user. Also includes the enhanced functionality as Steganography and encryption and decryption of Email. As the number of phishing scams continues to grow and the costs of the resulting damages increases, we believe that Anti-Phishing is a step in the right direction and a useful contribution for protecting users against spoofed web site-based phishing attacks. A phish container server and its client, both the software are responsible for identifying the specified site is phish site or not and also provide the facility to report any site as a phishing site which can be add to phish container after cross verification. REFERENCES 1. Building Anti-Phishing Browser PlugIns: An Experience Report Thomas Raffetseder, Engin Kirda, and Christopher Kruegel Secure systems

Proceedings of National Conference on Trends in Management, Engineering & Technology