Anti-phishing based on automated individual white-list
Source
Conference on Computer and Communications Security
Proceedings of the 4th ACM workshop on Digital identity management
Alexandria, Virginia, USA
SESSION: Novel services
Pages 51-60  
Year of Publication: 2008
ISBN: 978-1-60558-294-8
Authors
Ye Cao  Software School, Fudan University, Shanghai, China
Weili Han  Software School, Fudan University, Shanghai, China
Yueran Le  Software School, Fudan University, Shanghai, China
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 14,   Downloads (12 Months): 228,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1456424.1456434

ABSTRACT

In phishing and pharming, users can easily be tricked into submitting their usernames and passwords to fraudulent web sites whose appearance is similar to that of the genuine ones. The traditional blacklist approach to anti-phishing is only partially effective because its list of global phishing sites is incomplete. In this paper, we present a novel anti-phishing approach named Automated Individual White-List (AIWL). AIWL automatically tries to maintain a white-list of all of a user's familiar Login User Interfaces (LUIs) of web sites. Once a user tries to submit his/her confidential information to an LUI that is not in the white-list, AIWL will alert the user to the possible attack. Next, AIWL can efficiently defend against pharming attacks, because AIWL will alert the user when the legitimate IP is maliciously changed; the legitimate IP addresses, as one of the contents of an LUI, are recorded in the white-list, and our experiment shows that popular web sites' IP addresses are basically stable. Furthermore, we use a Naïve Bayesian classifier to automatically maintain the white-list in AIWL. Finally, we conclude through experiments that AIWL is an efficient automated tool specializing in detecting phishing and pharming.

