Detecting DNS-poisoning-based phishing attacks from their network performance characteristics
Most of the existing phishing detection techniques are weak against domain name system (DNS)-poisoning-based phishing attacks. Proposed is a highly effective method for detecting such attacks: the network performance characteristics of websites are used for classification. To demonstrate how useful the approach is, the performance of four classification algorithms is explored: linear discriminant analysis, naive Bayesian, K-nearest neighbour, and support vector machine. Over 10 000 real-world items of routing information have been observed during a one-week period. The experimental results show that the best-performing classification method - which uses the K-nearest neighbour algorithm - is capable of achieving a true positive rate of 99.4% and a false positive rate of 0.7%.