A framework for detection and measurement of phishing attacks

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A framework for detection and measurement of phishing attacks

Full text

Pdf (230 KB)

Source

Workshop On Rapid Malcode archive
Proceedings of the 2007 ACM workshop on Recurring malcode table of contents

Alexandria, Virginia, USA

SESSION: Threats table of contents

Pages: 1 - 8

Year of Publication: 2007

ISBN:978-1-59593-886-2

Authors

Sujata Garera	Johns Hopkins University, Baltimore, MD
Niels Provos	Google Inc., Mountain View, CA
Monica Chew	Google Inc., Mountain View, CA
Aviel D. Rubin	Johns Hopkins University, Baltimore, MD

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 39, Downloads (12 Months): 372, Citation Count: 2

Additional Information:

abstract references cited by index terms review collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1314389.1314391 What is a DOI?

ABSTRACT

Phishing is form of identity theft that combines social engineering techniques and sophisticated attack vectors to harvest financial information from unsuspecting consumers. Often a phisher tries to lure her victim into clicking a URL pointing to a rogue page. In this paper, we focus on studying the structure of URLs employed in various phishing attacks. We find that it is often possible to tell whether or not a URL belongs to a phishing attack without requiring any knowledge of the corresponding page data. We describe several features that can be used to distinguish a phishing URL from a benign one. These features are used to model a logistic regression filter that is efficient and has a high accuracy. We use this filter to perform thorough measurements on several million URLs and quantify the prevalence of phishing on the Internet today

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Nancy Blachman. Google Guide, Making Searching Even Easier. http://www.googleguide.com/google works.html.
	2	Neil Chou, Robert Ledesma, Yuka Teraguchi, Dan Boneh, and John Mitchell. Client-side defense against web-based identity theft. In 11th Annual Network and Distributed System Security Symposium (NDSS '04), San Diego, 2004.
	3	Richard Clayton. Insecure real world authentication protocols (or why is phishing so profitable), 2005. http://www.cl.cam.ac.uk/users/rnc1/phishproto.pdf.
	4	CoreStreet. Spoofstick. http://www.corestreet.com/spoofstick.
	5	Rachna Dhamija , J. D. Tygar , Marti Hearst, Why phishing works, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada [doi>10.1145/1124772.1124861]
	6	Rachna Dhamija , J. D. Tygar, The battle against phishing: Dynamic Security Skins, Proceedings of the 2005 symposium on Usable privacy and security, p.77-88, July 06-08, 2005, Pittsburgh, Pennsylvania [doi>10.1145/1073001.1073009]
	7	Rachna Dhamija and J. D. Tygar. Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks. In Human Interactive Proofs, pages 127--141, 2005.
	8	Sujata Doshi, Niels Provos, Monica Chew, and Aviel D. Rubin. A Framework for Detection and Measurement of Phishing Attacks. Technical report, Johns Hopkins University, SPAR, December 2006. http://www.cs.jhu.edu/<sdoshi/index_files/phish_measurement.pdf.
	9	D.W.Hosmer and S. Lemeshow. Applied Logistic Regression. Wiley, New York, USA, 1989.
	10	Eran Gabber , Phillip B. Gibbons , David M. Kristol , Yossi Matias , Alain Mayer, Consistent, yet anonymous, Web access with LPWA, Communications of the ACM, v.42 n.2, p.42-47, Feb. 1999 [doi>10.1145/293411.293447]
	11	Google. Webmaster Guidelines. http://www.google.com/support/webmasters/bin/answer.py?answer=35769.
	12	Amir Herzberg and Ahmad Gbara. Trustbar: Protecting (even naive) web users from spoofing and phishing attacks. Cryptology ePrint Archive, Report 2004/155, 2004. http://eprint.iacr.org/.
	13	Markus Jakobsson. Modeling and preventing phishing attacks. Phishing Panel of Financial Cryptography, 2005.
	14	McAfee. Mcafee siteadvisor. http://www.siteadvisor.com/.
	15	Microsoft. Microsoft delivers new tools to help reduce spam, 2005. http:// www.wwwcoder.com/main/parentid/282/site/5204/266/default.aspx.
	16	NetCraft. Netcraft anti-phishing tool bar. http://toolbar.netcraft.com/.
	17	Lawrence Page, Sergey Brin, Ra jeev Motwani, and Terry Winograd. The PageRank Citation Ranking: Bringing Order to the Web. Technical report, Stanford Digital Library Technologies Project, 1998.
	18	Niels Provos , Joe McClain , Ke Wang, Search worms, Proceedings of the 4th ACM workshop on Recurring malcode, November 03-03, 2006, Alexandria, Virginia, USA [doi>10.1145/1179542.1179544]
	19	Foster J. Provost , Tom Fawcett , Ron Kohavi, The Case against Accuracy Estimation for Comparing Induction Algorithms, Proceedings of the Fifteenth International Conference on Machine Learning, p.445-453, July 24-27, 1998
	20	Blake Ross, Collin Jackson, Nicholas Miyake, Dan Boneh, and John Mitchell. A browser plug-in solution to the unique password problem. In Proceedings of 2005 USENIX Security Symposium, 2005.
	21	Fritz Schneider, Niels Provos, Raphael Moll, Monica Chew, and Brian Rakowski. Phishing Protection Design Documentation, 2006. http://wiki.mozilla.org/Phishing Protection: Design Documentation.
	22	Sophos. Do-it-yourself phishing kits found on the internet, reveals sophos, 2004. http://www.sophos.com/pressoffice/news/articles/2004/08/sa diyphishing.html.
	23	Ian H. Witten , Eibe Frank, Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems), Morgan Kaufmann Publishers Inc., San Francisco, CA, 2005
	24	Min Wu , Robert C. Miller , Greg Little, Web wallet: preventing phishing attacks by revealing user intentions, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania [doi>10.1145/1143120.1143133]
	25	Yue Zhang, Serge Egelman, Lorrie Faith Cranor, and Jason Hong. Phinding Phish: Evaluating Anti-Phishing Tools.

CITED BY 2

	Marco Cova , Christopher Kruegel , Giovanni Vigna, There is no free phish: an analysis of "free" and live phishing kits, Proceedings of the 2nd conference on USENIX Workshop on offensive technologies, p.1-8, July 28, 2008, San Jose, CA
	Guang Xiang , Jason I. Hong, A hybrid phish detection approach by identity discovery and keywords retrieval, Proceedings of the 18th international conference on World wide web, April 20-24, 2009, Madrid, Spain

INDEX TERMS

Primary Classification:
K. Computing Milieux
K.4 COMPUTERS AND SOCIETY
K.4.4 Electronic Commerce
Subjects: Security

Keywords:
URL obfuscation, phishing

REVIEW

"Barrett Hazeltine : Reviewer"

Several features are identified that can be used to distinguish a phishing uniform resource locator (URL). High accuracy (97.31 percent) is achieved by a logistic regression filter based on these features. An advantage of feature-based tests over more...

Collaborative Colleagues:

Sujata Garera: colleagues

Niels Provos: colleagues

Monica Chew: colleagues

Aviel D. Rubin: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player