1 www.ccdcoe.org/245.html Abstract — Instant Messaging Systems (IMS) generically cannot detect many deceptive phishing attacks; hence they are vulnerable for cyber frauds. To overcome, we propose an Active-Phishing Detection System (APDs), developed using Data Mining (Rule-based) and Ontology. APDs monitor the user’s psychology and predict type of the detected phishing activity with an alert to achieve zero-minute phishing attacks. I. INTRODUCTION The APDs, dynamically predicts any potential deceptive phishing attacks, when instant messages are exchanged between users of an IMS. Currently, IMS lacks a stronger mechanism to deal with phishing at content-level. Few researchers proposed various methods to detect phishing attacks [1] [2]. But, lack the Rule-based method without Ontology [5], and trapping the users into deceptive phishing attacks [3]. The emails of Google are categorized into Primary, Social, Updates, and Forums, ignoring the issues of phishing attacks. Recently, leaked news of PRISM-NSA as one of the largest surveillance programs monitoring the Networks exploiting against cyber international law 1 . II. PROPOSED ACTIVE-PHISHING DETECTION SYSTEM The operational Framework of APDs is shown in Fig. 1. The APDs algorithm initiates the steps to capture the phishing words that are exchanged between the users and then stores them into database for identifying phishing words using pre-defined phishing rules of Table I. The APD algorithm is shown in Fig. 2. In APDs, the Monitoring system program identifies the culprit details of Phisher and report to the victim client. Steps of algorithm are illustrated as follows: Fig. 1. Proposed Framework (APDs) to detect phishing messages from Instant Messaging Systems (IMS). Fig. 2. Schematic cum algorithmic representation for proposed Framework named as APD algorithm. 1. In this step, the phishing words are identified by using GSHL and Tree Alignment Algorithms as discussed in [4]. These messages are stored in Text database (TDB), where unnecessary words are filtered using Ontology Based Information Extraction technique (OBIE) (stemming, N-gram technique, ignore words) [6] [7]. 2. The frequently recurring words are extracted from the TDB dynamically using Association rule mining technique [8] and SSPWDB (pre-defined rules) guided with Ontology database (ODB), later these words are pushed to TPDB. The metadata is a gist of information related to instant messages. 3. Once the Phishing words are detected, the message is considered as suspicious, as given in Table I (rule 1). The KDB maintains the detected stem words along with the domain (i.e. type of Phishing activity). 4. Profile details are traced from EDB, which are provided during the creation of an email id, with the aid of Relational Wrapper Algorithm [9]. 5. The email- id through which the phishing words are sent is tracked using metadata, and the victim is alerted. APDs: Framework for Surveillance of Phishing words in Instant Messaging Systems Using Data Mining and Ontology Mohd. S. Qaseem, Mohd. Nayeemuddin, M. M. Ali, Owais A.W. Siddiqui, and Md. Abdul Rafae Mohammed. S. Qaseem is with Dept. of CSE, Nizam Institute of Engg. & Tech., Hyderabad, India (e-mail: ms_qaseem@yahoo.com). Mohammed Nayeemuddin is with Dept. of Informatics, Nizam College, Osmania University (e-mail: nayeemmca3@yahoo.co.in). M.M. Ali, Owais A.W. Siddiqui & Md. Abdul Rafae are with Dept of CSE, MJCET, Hyd., India (e-mail:owais.aws@gmail.com, and abdulrafae.mj2k10@hotmail.com).