Detection Model for Pharming Attack Based on IP-Address Check and Website Predictability

Abstract

With the deployment of broadband Internet access, the importance of saving sensitive personal and financial information becomes more troubling, so it has become necessary to search for appropriate and effective solutions to keep this information from theft and tampering by attackers. Pharming attack -the sophisticated version of phishing attack - is one of the greatest concerns for users who deal with sensitive information, because the attacker makes an ideal copy of the site, and manipulates the DNS (Domain Name System) to route the user to that fraudulent site, then steels the information. In this work, we have defined a new model to defeat pharming attacks on client side. This model depends on a two-step solution; first IP address check to be sure there is not any manipulation on DNS server, then the second step is to make classification on the websites to predict the pharming sites if any exists. The second part of the solution is to strengthen the solution using Naïve Bayes classification approach which is one of the Data Mining techniques. With over 96.7% success we evaluated our model.