论文信息 - Sophisticated Phishers Make More Spelling Mistakes: Using URL Similarity against Phishing

Sophisticated Phishers Make More Spelling Mistakes: Using URL Similarity against Phishing

Phishing attacks rise in quantity and quality. With short online lifetimes of those attacks, classical blacklist based approaches are not sufficient to protect online users. While attackers manage to achieve high similarity between original and fraudulent websites, this fact can also be used for attack detection. In many cases attackers try to make the Internet address (URL) from a website look similar to the original. In this work, we present a way of using the URL itself for automated detection of phishing websites by extracting and verifying different terms of a URL using search engine spelling recommendation. We evaluate our concept against a large test set of 8730 real phishing URLs. In addition, we collected scores for the visual quality of a subset of those attacks to be able to compare the performance of our tests for different attack qualities. Results suggest that our heuristics are able to mark 54.3% of the malicious URLs as suspicious. With increasing visual quality of the phishing websites, the number of URL characteristics that allow a detection increases, as well.

Max-Emanuel Maurer | Lukas Höfer | Max-Emanuel Maurer | Lukas Höfer

[1] J. Doug Tygar,et al. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[2] John C. Mitchell,et al. Client-Side Defense Against Web-Based Identity Theft , 2004, NDSS.

[3] Robert Wilensky,et al. Robust Hyperlinks Cost Just Five Words Each , 2000 .

[4] Jon Postel,et al. Domain Name System Structure and Delegation , 1994, RFC.

[5] Jason Hong,et al. The state of phishing attacks , 2012, Commun. ACM.

[6] Carolyn Penstein Rosé,et al. CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites , 2011, TSEC.

[7] Viktor Krammer. Phishing defense against IDN address spoofing attacks , 2006, PST.

[8] David Ma,et al. Does domain highlighting help people identify phishing sites? , 2011, CHI.

[9] Dan Gusfield,et al. Algorithms on Strings, Trees, and Sequences - Computer Science and Computational Biology , 1997 .

[10] Evgeniy Gabrilovich,et al. The homograph attack , 2002, CACM.

[11] Marti A. Hearst,et al. Why phishing works , 2006, CHI.

[12] Min Wu,et al. Do security toolbars actually prevent phishing attacks? , 2006, CHI.

[13] Lorrie Faith Cranor,et al. Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[14] Lorrie Faith Cranor,et al. Phinding Phish: An Evaluation of Anti-Phishing Toolbars , 2007, NDSS.