Analyzing and eliminating phishing threats in IoT, network and other Web applications using iterative intersection

In today’s cyber era, Internet of Things (IoT) based products are increasingly adopted by users for various purposes. Accesses to these systems are facilitated via a web application to the end user. Traditionally, Phishing attacks were targeted toward banking and financial systems. With the rise in usage of IoT, the attack surface increases. Along with IoT specific attacks, attackers are targeting users with Phishing to steal passwords in order to gain access to IoT devices like security cameras. Phishing is an online attack that has been around for more than two decades. Though there are advanced prevention and detection mechanisms designed and developed by researchers and organizations, statistics show that Phishing has been on the rise. Often, there is a monetary incentive for the bad actor that carries out a phishing attack. This motivates attackers to advance their evasion mechanisms and maintain the status quo as a race between detection and evasion. A methodology Phish-Sec was introduced which paves a way to counter Phishing attacks in a pro-active manner by aggregating signatures of legitimate websites at the source. Phish-Sec involves determining uniqueness across ‘n’ websites. This manuscript provides the mathematical solution using intersection to determine the uniqueness of a visited web page. Iterative intersection is incorporated with Phish-sec to facilitate poison avoidance in its back-end system. By this, Phish-Sec can be expanded to a variety of applications, including non-financial based systems like IoT. It is proved that the overall efficiency of Phish-Sec increases along with its expansion capabilities. The true positive achieved by phish-sec is 99.15% which is 0.15% higher.