Mitigating Man-in-the-Browser Attacks Using Artificial Immune Systems

Bejoy B J, Dr. S. Janakiraman

The growth of internet banking has drawn the attention of malicious users to this domain. These unauthorized users use advanced mechanisms to alter user data in internet banking. Man-in-the-browser (MitB) is a top-listed attack on the authenticity of data in transit. These attacks are a specialized version of the Man-in-the-Middle attack. MitB attacks intercept data as it is transmitted over a secure communication channel between a client and a server. The client is the browser, and the attack happens before the data is encrypted or after it is decrypted. Here, a behavior-based fraud detection system using an Artificial Immune System (AIS) is proposed. The system uses the Natural Killer (NK) cells of AIS to detect unauthorized users and prevent them from hijacking the details of an authorized internet transaction. Based on user behavior, a self-set is created for each user, and NK cells are created from the self-set using the negative selection algorithm. The incoming transaction details are converted to Major Histocompatibility Complex Class I (MHC1). This MHC1 is submitted to the detectors. If a detector detects the transaction, the user is authenticated with the third factor of the three-factor authentication mechanism used. If the transaction is not detected by the detectors, only the default two-factor authentication is necessary.

Volume 11 | 08-Special Issue

Pages: 1611-1620
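The flow the abstract describes (self-set, negative selection, detectors deciding whether the third factor is required) can be sketched as follows. This is an added illustration, not the authors' implementation: the abstract does not give the MHC1 encoding or the matching rule, so the 7-bit feature encoding, the feature names, the r-contiguous-bits match and the exhaustive detector generation are all assumptions, and the transaction history is constructed.

```python
from itertools import product

R = 5  # assumed r-contiguous match threshold (not from the paper)

def encode(txn):
    """Assumed 7-bit behaviour encoding standing in for the paper's MHC1."""
    amount_bucket = sum(txn["amount"] >= limit for limit in (100, 1000, 10000))
    hour_bucket = txn["hour"] // 6
    flags = (txn["known_payee"], txn["known_device"], txn["domestic"])
    return f"{amount_bucket:02b}{hour_bucket:02b}" + "".join(str(int(f)) for f in flags)

def matches(a, b, r=R):
    """True if a and b agree on at least r contiguous bit positions."""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False

def train_detectors(self_set, length=7):
    """Negative selection: keep every candidate that matches no self string."""
    candidates = ("".join(bits) for bits in product("01", repeat=length))
    return [c for c in candidates if not any(matches(c, s) for s in self_set)]

def factors_required(txn, detectors):
    """3 if any detector fires on the transaction, otherwise the default 2."""
    pattern = encode(txn)
    return 3 if any(matches(d, pattern) for d in detectors) else 2

# Constructed sample history for one user (not data from the paper).
HISTORY = [
    {"amount": 50, "hour": 10, "known_payee": True, "known_device": True, "domestic": True},
    {"amount": 400, "hour": 14, "known_payee": True, "known_device": True, "domestic": True},
    {"amount": 80, "hour": 20, "known_payee": True, "known_device": True, "domestic": True},
]
SELF_SET = {encode(t) for t in HISTORY}
DETECTORS = train_detectors(SELF_SET)

if __name__ == "__main__":
    odd = {"amount": 25000, "hour": 3, "known_payee": False,
           "known_device": False, "domestic": False}
    print(len(DETECTORS), "detectors;",
          "usual txn ->", factors_required(HISTORY[0], DETECTORS), "factors;",
          "unusual txn ->", factors_required(odd, DETECTORS), "factors")
```

Because detectors are censored against the self-set with the same symmetric match rule used at detection time, a transaction whose encoding is already in the self-set can never trigger the third factor; lowering `R` makes detectors match more broadly but also removes more candidates during censoring.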