Defeating pharming attacks at the client-side

With the deployment of “always-connected” broadband Internet access, personal networks are a privileged target for attackers and for DNS-based corruption. Pharming attacks, an enhanced version of phishing attacks, aim to steal users' credentials by redirecting them to a fraudulent login website, using DNS-based techniques that make the attack imperceptible to the end-user. In this paper, we define an advanced approach to alert the end-user at the client-side in case of a pharming attack. With a success rate over 95%, we validate a solution that can help differentiate legitimate from fraudulent login websites, based on a dual-step analysis (IP address check and webpage content comparison) performed using information from multiple DNS servers.
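The dual-step check described in the abstract can be sketched as follows. This is an added example, not the paper's implementation: the similarity measure (`difflib`), the 0.90 threshold, the resolver names, the `fetch` stub and all sample pages and addresses are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

SIMILARITY_THRESHOLD = 0.90  # assumed cut-off, not a value taken from the paper

def ip_check(default_ips, reference_answers):
    """Step 1: does the default resolver agree with any reference resolver?"""
    default = set(default_ips)
    return any(default & set(ips) for ips in reference_answers.values())

def normalise(html):
    """Collapse whitespace and case so formatting noise does not skew the score."""
    return re.sub(r"\s+", " ", html).strip().lower()

def content_similarity(page_a, page_b):
    """Step 2 metric: character-level similarity ratio in [0, 1]."""
    matcher = SequenceMatcher(None, normalise(page_a), normalise(page_b), autojunk=False)
    return matcher.ratio()

def assess(default_ips, reference_answers, fetch):
    """Return (verdict, score). fetch(ip) -> HTML of the login page served at ip.
    A real fetch would request the page by IP while sending the site's Host header."""
    if not any(reference_answers.values()):
        return "unknown", None           # nothing to compare against
    if ip_check(default_ips, reference_answers):
        return "legitimate", None        # step 1 passed, no content check needed
    # IPs differ (could be a CDN or a pharming redirect): compare page contents.
    ref_ip = next(ip for ips in reference_answers.values() for ip in ips)
    score = content_similarity(fetch(default_ips[0]), fetch(ref_ip))
    return ("legitimate" if score >= SIMILARITY_THRESHOLD else "suspicious"), score

# Constructed sample data (documentation address ranges, invented pages).
LEGIT = ("<html><head><title>Example Bank - Sign in</title></head><body>"
         "<form action='/session' method='post'><input name='user'>"
         "<input name='password' type='password'><a href='/help'>Help</a>"
         "</form></body></html>")
FAKE = ("<html><body><h1>Sign in</h1><form action='http://198.51.100.7/c.php'>"
        "<input name='u'><input name='p'></form></body></html>")
PAGES = {"192.0.2.10": LEGIT, "203.0.113.20": LEGIT + "\n", "198.51.100.7": FAKE}
REFERENCE = {"resolver-a": ["192.0.2.10"], "resolver-b": ["192.0.2.10"]}

if __name__ == "__main__":
    for ips in (["192.0.2.10"], ["203.0.113.20"], ["198.51.100.7"]):
        print(ips, assess(ips, REFERENCE, PAGES.get))
```

The second sample address models a legitimate mirror that serves the same page from a different IP, which is why the IP check alone is not treated as conclusive.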
