An Intelligent System for Preventing SSL Stripping-based Session Hijacking Attacks

An intelligent system to prevent SSL Stripping based session hijacking attacks is proposed in this paper. The system is designed to strike a delicate balance between security and user-friendliness. Common user behavior towards security warnings is taken into account and combined with well-known machine learning and statistical techniques to build a robust solution against SSL Stripping. Users are shown warning messages of various levels based on the importance of each website from a security point of view. Initially, websites are classified using a Naive Bayes classifier. User responses towards warnings messages are stored and combined at a central database server to provide a modified and continuously improving rating system for websites. The system serves to both protect and educate users without causing them an unnecessary annoyance.