Method for Evaluating the Security Risk of a Website Against Phishing Attacks

As Internet technologies evolve, phishing and pharming attacks occur frequently and continue to diversify. To protect Internet users against economic loss and loss of privacy from phishing attacks, several approaches, such as website authentication and email authentication, have been studied. Although most of them use a website black-list (WBL) or a website white-list (WWL), these approaches have several weak points, such as the validity of the WBL DB (database) and the short life-cycle of phishing websites. That is, it is impossible to discriminate between legitimate and forged websites until the phishing attacks are detected and recorded in the WBL DB. Furthermore, the existing WBL and WWL approaches can hardly counter the new generation of sophisticated malware pharming attacks. In this paper, to overcome the limitations of the WBL and WWL approaches, a new approach based on the WWL approach is proposed. It quantitatively estimates the security risk of a website, that is, a security risk degree representing phishing websites.