Analyzing and eliminating phishing threats in IoT, network and other Web applications using iterative intersection
Peer-to-Peer Networking and Applications (IF 3.3), Pub Date: 2020-06-20, DOI: 10.1007/s12083-020-00944-z
K. Nirmal, B. Janet, R. Kumar

In today’s cyber era, Internet of Things (IoT) based products are increasingly adopted by users for various purposes. Access to these systems is provided to the end user via a web application. Traditionally, phishing attacks targeted banking and financial systems. With the rise in usage of IoT, the attack surface increases. Along with IoT-specific attacks, attackers are targeting users with phishing to steal passwords in order to gain access to IoT devices like security cameras. Phishing is an online attack that has been around for more than two decades. Though there are advanced prevention and detection mechanisms designed and developed by researchers and organizations, statistics show that phishing has been on the rise. Often, there is a monetary incentive for the bad actor that carries out a phishing attack. This motivates attackers to advance their evasion mechanisms and maintain the status quo as a race between detection and evasion. A methodology, Phish-Sec, was introduced which paves the way to counter phishing attacks in a proactive manner by aggregating signatures of legitimate websites at the source. Phish-Sec involves determining uniqueness across ‘n’ websites. This manuscript provides the mathematical solution using intersection to determine the uniqueness of a visited web page. Iterative intersection is incorporated into Phish-Sec to facilitate poison avoidance in its back-end system. By this, Phish-Sec can be expanded to a variety of applications, including non-financial systems like IoT. It is proved that the overall efficiency of Phish-Sec increases along with its expansion capabilities. The true positive achieved by Phish-Sec is 99.15%, which is 0.15% higher.




Updated: 2020-06-22