Once a perfect mismatch. Practically, achieving 1 or

Once the snapshot of the suspected site is taken, RGB channels are converted into a Grayscale channel by averaging Red, Green and Blue values. The resultant Grayscale image is analyzed to find key features or important points. The mechanism used to detect important points is through detection of corners. The Harris-Laplace algorithm is used to detect corners in an image by this proposal. The main advantage of Harris-Laplace algorithm is its accuracy in conditions of different resolutions and rotations. Each Harris-Laplacian corner (or salient point) found in the snapshot is then described by a 48-dimensional vector, as specified by Contrast Context Histograms (CCH) which is simply based on the relative contrast values of pixels surrounding the Harris-Laplacian corner. Pixels surrounding corners are ones that fall under the coverage of a defined logpolar grid, centered by the detected corner. 24 sub-regions exist in the polar grid. Each sub-region includes the number of pixels. The difference between the contrast values of each of these pixels against the Harris-Laplacian corners contrast value is calculated. As a result, each sub-region would have a number of positive and negative pixels, which represent their difference against the corner. Matching important points is based on calculating the Euclidean distance between important points found on a suspected site, against important points found on protected whitelisted sites. The distance ratio would determine whether a match for a important point exists. Ratio equal to 1 would mean perfect match for a particular salient point, while 0 would mean a perfect mismatch. Practically, achieving 1 or 0 ratios is not realistic. Thus, a threshold of 0.6 was used in experiments of this proposal to identify matches. Salient points matching, alone, might trigger high false positive rates. For example, websites that publish the logos of VeriSign or Anti-Hacker might falsely be detected as phishing attacks. A suspect site is considered visually matched against a whitelisted CCH if the number of salient point matches within a k-means cluster is more than 50\% of the total number of unmatched important points in the same cluster. The suspect site is therefore considered legal if its URL matches that of the whitelisted CCH entry, or phishing if otherwise. In other words, the visual appearance of a particular page is allowed to be accessed by trusted URLs only, and if another suspect URL contains content that is visually identical to that of another website while having a different URL then the suspect URL will be considered a phishing website. Mahmoud Khonji et.al described various phishing detection techniques in detail.