论文信息 - An Empirical Analysis of the Effectiveness of Browser-based Antiphishing Solutions

An Empirical Analysis of the Effectiveness of Browser-based Antiphishing Solutions

Phishing has by far become the most dangerous form of fraud to hit online business. Due to the key role in accessing the Internet, web browsers are at a strategic position to offer the protection against the risks of phishing attacks. Varieties of security companies have proposed their browser-based antiphishing solutions to protect the end-use. In this paper, we used 3403 fresh phishing URLs and 1000 legitimate URLs to conduct four experiments on ten popular anti-phishing tools including browsers and browser plug-ins. Overall, we found that the Google Chrome and Firefox identified the most phishing sites, but these two browsers still missed more than 20% fraudulent sites. Qihoo 360 Secure Explorer did a strong performance under the APAC dataset that demonstrate their excellent abilities of the Chinese-target phishing detection. We also found that different anti-phishing tools have totally different reactions between regions and languages. And finally, we proposed our suggestions for designing a comprehensive anti-phishing mechanism.

[1] Lorrie Faith Cranor,et al. Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[2] Lorrie Faith Cranor,et al. An Empirical Analysis of Phishing Blacklists , 2009, CEAS 2009.

[3] Yang Xin,et al. Protection Against Phishing Attacks: A Survey , 2011 .

[4] Christopher Krügel,et al. On the Effectiveness of Techniques to Detect Phishing Sites , 2007, DIMVA.

[5] Brian Ryner,et al. Large-Scale Automatic Classification of Phishing Pages , 2010, NDSS.

[6] Lorrie Faith Cranor,et al. You've been warned: an empirical study of the effectiveness of web browser phishing warnings , 2008, CHI.

[7] Lawrence K. Saul,et al. Identifying suspicious URLs: an application of large-scale online learning , 2009, ICML '09.

[8] Piotr Indyk,et al. Similarity Search in High Dimensions via Hashing , 1999, VLDB.

[9] Lorrie Faith Cranor,et al. Phinding Phish: An Evaluation of Anti-Phishing Toolbars , 2007, NDSS.

[10] John C. Mitchell,et al. Client-Side Defense Against Web-Based Identity Theft , 2004, NDSS.

[11] Lawrence K. Saul,et al. Beyond blacklists: learning to detect malicious web sites from suspicious URLs , 2009, KDD.