Client-Side Counter Phishing Application Using Adaptive Neuro-Fuzzy Inference System

Phishing is an online scam which involves identity theft of unsuspecting users, by which an attacker steals the personal information of users, such as user ID or password. E-mails, instant messaging and web pages are used in carrying out such attacks, out of which Phishing using e-mails is the most dominant method. E-mails containing hyperlinks of Phishing websites are sent by the attacker, who disguises himself as a trusted source, such as customer care centre of a bank or stock broking firm. In this paper, a design is proposed to detect phishing e-mails present in a user´s mailbox. The application has been implemented using an intelligent hybrid technique, Adaptive Neuro-Fuzzy Inference System (ANFIS). E-mails present in a user´s mailbox are retrieved and checked for the number of occurrences of each type of phishing indicator. These values of phishing indicators are fed as input to ANFIS, which gives an output value corresponding to each e-mail. This output value is used to categorize the e-mail as genuine, suspicious or phishing e-mail. Thereafter warning is generated to inform the user regarding the presence of phishing e-mails in mailbox. This is a preventive and proactive technique, which detects phishing activity even without opening a phishing web page. The combined strength of the Neural networks and Fuzzy logic makes our approach very powerful. Neural network lets the system learn and adjust its parameters, whereas Fuzzy logic ensures human like knowledge representation and decision making. This concept has been used for the first time which provides results with high accuracy. The application has been tested on a mix of 100 genuine and phishing e-mails and provides no false positives and false negatives.