A Hybrid System to Find & Fight Phishing Attacks Actively

Traditional anti-phishing methods and tools always worked in a passive way to receive users' submission and determine phishing URLs. Usually, they are not fast and efficient enough to find and take down phishing attacks. We analyze phishing reports from Anti-phishing Alliance of China(APAC) and propose a hybrid method to discover phishing attacks in an active way based on DNS query logs and known phishing URLs. We develop and deploy our system to report living phishing URLs automatically to APAC every day. Our system has become a main channel in supplying phishing reports to APAC in China and can be a good complement to traditional anti-phishing methods.

[1]  J. Doug Tygar,et al.  The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.

[2]  Niels Provos,et al.  A framework for detection and measurement of phishing attacks , 2007, WORM '07.

[3]  Xuhua Ding,et al.  Anomaly Based Web Phishing Page Detection , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[4]  Vladimir I. Levenshtein,et al.  Binary codes capable of correcting deletions, insertions, and reversals , 1965 .

[5]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[6]  Gang Liu,et al.  Automatic Detection of Phishing Target from Phishing Webpage , 2010, 2010 20th International Conference on Pattern Recognition.