Detection of Phishing URLs using Bayes Net and Naïve Bayes and evaluating the risk assessment using Attributable Risk

Authors

  • Raj P Department of Computer Science & Technology (Cyber Security), Central University of Punjab, Bhatinda, India
  • Mittal M Department of Computer Science & Technology, Central University of Punjab, Bhatinda, India

DOI:

https://doi.org/10.26438/ijcse/v6i5.750755

Keywords:

Attributable Risk, Bayes Net, Naïve Bayes, Phishing, Risk Assessment

Abstract

Phishing sites are fabricated or spurious URLs created by malicious people to imitate genuine URLs. A large portion of these URLs closely resemble the genuine ones in order to trap their victims in scams. Unwary Web users may easily be deceived by this kind of trick. The effect is a breach of data security through the disclosure of private information, and victims may suffer financial losses and further harm such as hacking. In this paper, detection of phishing URLs is done using the Bayes Net and Naïve Bayes algorithms, and the risk associated with phishing URLs is evaluated with the help of attributable risk. A training dataset of 1800 URLs (containing 1080 legitimate and 720 phished URLs) has been made to train the algorithms. A testing dataset of 720 URLs (containing 288 legitimate and 432 phished URLs) is used for making predictions using the DAG model classifier, which is generated after the training of the Bayes Net and Naïve Bayes algorithms. True negative rate, true positive rate, false negative rate, false positive rate, error rate and accuracy are calculated after running the testing dataset through the DAG classifier. The results show that Bayes Net has an accuracy of 71.3% and Naïve Bayes has an accuracy of 80.5%, and the calculation of risk is done on the basis of attributable risk. If the risk percentage for the URL attributes is greater than 80%, the risk is high; if it is between 50% and 80%, the risk is medium; and below 50%, the risk is low.

Published

2025-11-13

How to Cite

[1] P. Raj and M. Mittal, “Detection of Phishing URLs using Bayes Net and Naïve Bayes and evaluating the risk assessment using Attributable Risk”, Int. J. Comp. Sci. Eng., vol. 6, no. 5, pp. 750–755, Nov. 2025.

Section

Research Article