Design and Implementation of a Phishing Detection System Base on the Android Operating System
|School||Beijing University of Posts and Telecommunications|
|Keywords||Android Anti-phishing Multi-factor Similarity|
Phishing is a kind of criminal activity conducted by phishers through creating and releasing fraud webpage copies of the normal login or cash transaction pages, which results in the leak of personal information such as credit card number, user account and password etc.With the combination of mobile communications and internet technology, the mobile internet has developed into one of the most popular areas in recent years, which holds the most market demands and value-added services. At the same time, phishing is silently spreading into the smart phone platform, and gradually becoming the spot of the most serious security threat.After doing a lot of analysis and research on the characteristics of the phishing websites, this document proposed a phishing detection method and deployed it to the mobile internet gateway based on the Client/Server mechanism for the Android OS users. The system pays attention to the net-surfing security for the Android platform, aiming to provide a light-weight website filtering model for the Android users.Main points of this article are listed below:1. After detailed analysis and comparison based on the existing phishing detection mechanism on the personal computer and summary of large quantity of URL examples, this article designed and implemented a new phishing detection system, which managed the phishing identification by deploying the multi-factors evaluation on the characteristics of the websites’ URL and page contents similarity.2. Considering the lack of effective light-weight phishing detection software on the Android market, we styled and developed a system for this exact use after doing research on the Android OS and grasping the essential part in the software programming under this OS.3. The final section of the article carried out the deployment and verification of the main modules of the system proposed through building the simulated environment and the put extra emphasis on the vital indicators of the server detection engine. It is proved that the phishing recognition model proposed is reliable and at the same time holds a high accuracy and the whole system’s feasibility on the mobile terminals.