Preventing Digital Identity Theft Using Fundamental Characteristics

The social engineering strategy, used by cyber criminals, to get confidential information from Internet users is called Digital Identity Theft. It continues to trick Internet users into losing time, money and productivity. A common way to steal digital identity is through phishing. The trends and patterns in such attacks keep on changing over time and hence the detection algorithm needs to be robust and adaptive. Although, many attacks work by luring Internet users to a webs site designed to trick them into revealing sensitive information, recently some attacks have been found that work by either installing malware on a computer or by hijacking a good web site. This thesis presents effective and comprehensive classifiers for both kinds of attacks, classical or hijack-based, with a focus on the latter. According to the literature study, this seems to be the first to consider hijack-based phishing attacks. This thesis focuses on the fundamental characteristics of target websites, attacked websites and introduces new features and techniques for detection. Some of the techniques are equally effective for zero-hour phishing web site detection. It presents results of these classifiers and combination schemes on datasets extracted from several sources. It is shown that the content-based classifier achieves good performance despite the difficulty of the problem and the small size of white list. One of the combination schemes achieved detection rate of over 92% for phishing web sites with false positive rate of less than 0.7% (without Internet search) and 0% false positive rate is also possible with reasonable detection rate of over 74% (with Internet search). Moreover, the classifiers presented are also language independent.