Two-Pronged Phish Snagging

Phishing causes billions of dollars in damage every year and poses a serious threat to the Internet economy. Among the many possible communication channels, electronic mail still remains the most commonly used medium to launch phishing attacks. In this paper, we present a two dimensional approach to detecting phishing emails. We devise two independent, unsupervised classifiers, namely the link and header classifiers, and two combinations of these classifiers. We show that our schemes significantly outperform the previous unsupervised and supervised phishing detection schemes for emails in the literature. We also utilize contextual information, when available, to detect phishing. Finally, our protocol is designed to detect phishing at the email level rather than detecting fraudulent, masqueraded websites. Our implementation framework called PhishSnag, operates between a user's mail transfer agent (MTA) and mail user agent (MUA) and processes each arriving email for phishing attacks even before reaching the inbox.

[1]  Xiaotie Deng,et al.  Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover's Distance (EMD) , 2006, IEEE Transactions on Dependable and Secure Computing.

[2]  Suku Nair,et al.  A comparison of machine learning techniques for phishing detection , 2007, eCrime '07.

[3]  Andrew H. Sung,et al.  Detection of Phishing Attacks: A Machine Learning Approach , 2008, Soft Computing Applications in Industry.

[4]  Chuanxiong Guo,et al.  Online Detection and Prevention of Phishing Attacks , 2006, 2006 First International Conference on Communications and Networking in China.

[5]  Norman M. Sadeh,et al.  Learning to detect phishing emails , 2007, WWW '07.

[6]  Carolyn Penstein Rosé,et al.  CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites , 2011, TSEC.

[7]  Calton Pu,et al.  Evolutionary study of phishing , 2008, 2008 eCrime Researchers Summit.

[8]  Brian Ryner,et al.  Large-Scale Automatic Classification of Phishing Pages , 2010, NDSS.

[9]  Weider D. Yu,et al.  PhishCatch - A Phishing Detection Tool , 2009, 2009 33rd Annual IEEE International Computer Software and Applications Conference.

[10]  Lorrie Faith Cranor,et al.  An Empirical Analysis of Phishing Blacklists , 2009, CEAS 2009.

[11]  Christopher Krügel,et al.  On the Effectiveness of Techniques to Detect Phishing Sites , 2007, DIMVA.

[12]  Mikhail J. Atallah,et al.  ViWiD : Visible Watermarking Based Defense Against Phishing , 2005, IWDW.

[13]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[14]  Xiaotie Deng,et al.  Phishing Web page detection , 2005, Eighth International Conference on Document Analysis and Recognition (ICDAR'05).

[15]  Jonathan J. Oliver,et al.  Anatomy of a Phishing Email , 2004, CEAS.

[16]  David Ma,et al.  Does domain highlighting help people identify phishing sites? , 2011, CHI.

[17]  Vijay K. Gurbani,et al.  Phishwish: a simple and stateless phishing filter , 2009, Secur. Commun. Networks.

[18]  Niels Provos,et al.  A framework for detection and measurement of phishing attacks , 2007, WORM '07.

[19]  Gerhard Paass,et al.  Improved Phishing Detection using Model-Based Features , 2008, CEAS.