Runtime Detection of Phising Attack Using Syntactic Verification through Web Services (Published)
Providing a secure service in web applications is a growing concern and real challenge in web security. Among the various types of web application attacks, phishing is the most common type of attack. It often direct the users to enter details at a fake website whose look and feel are almost identical to the legitimate site. Present tools are cannot completely detect the phishing attacks, that leverage vulnerabilities in trusted web applications. This paper attributes to identify phishing web sites by analyzing and validating the Uniform Resource Locator (URL), Hyperlink in web pages and syntactic verification of Hyperlink. As URLs are following the common standard RFC 1738, we have developed a schema for converting the URL into XML for verifying the URL. The detection of Phishing web sites implemented by means of two layered web services. Our web services are an independent layered module in a web application and detect and prevent the phishing attacks.
Keywords: Hyperlink, IP Address, Input Validation, Phishing, Scammer, URL, Web Service, XML Schema.