Anti-phishing based on automated individual white-list

In phishing and pharming, users can easily be tricked into submitting their usernames and passwords to fraudulent web sites whose appearance closely resembles that of the genuine ones. The traditional blacklist approach to anti-phishing is only partially effective, because any blacklist covers only a subset of the phishing sites worldwide. In this paper, we present a novel anti-phishing approach named Automated Individual White-List (AIWL). AIWL automatically maintains a white-list of all the Login User Interfaces (LUIs) of web sites that a user is familiar with. Once a user tries to submit his/her confidential information to an LUI that is not in the white-list, AIWL alerts the user to the possible attack. In addition, AIWL can efficiently defend against pharming attacks: the legitimate IP addresses are recorded in the white-list as part of each LUI, so AIWL alerts the user when a legitimate IP is maliciously changed, and our experiment shows that popular web sites' IP addresses are basically stable. Furthermore, we use a Naïve Bayesian classifier to maintain the white-list in AIWL automatically. Finally, we conclude through experiments that AIWL is an efficient automated tool specializing in detecting phishing and pharming.
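The white-list check described above, as an added illustration that is not the paper's own code: an individual white-list keyed by LUI, with the two alert conditions the abstract names (unknown LUI for phishing, changed IP for pharming). The record layout, the field names and the host/action-path key are assumptions; the Naïve Bayesian maintenance of the list is left out.

```python
from dataclasses import dataclass, field

# One Login User Interface (LUI) entry in the individual white-list.
# The abstract only says the legitimate IP addresses are among the recorded
# contents of an LUI; host and form action path are assumed extra fields.
@dataclass
class LUI:
    host: str                              # host serving the login form
    action_path: str                       # path the credential form posts to
    ips: set = field(default_factory=set)  # legitimate IPs recorded for this LUI

class AIWL:
    def __init__(self):
        self.whitelist = {}  # (host, action_path) -> LUI

    def learn(self, host, action_path, ip):
        """Record (or extend) a familiar LUI once the user has confirmed it.

        A popular site may answer from more than one address, so the IPs are
        kept as a set; the abstract's experiment is what justifies treating
        that set as stable enough for pharming detection.
        """
        lui = self.whitelist.setdefault((host, action_path), LUI(host, action_path))
        lui.ips.add(ip)
        return lui

    def check_submission(self, host, action_path, resolved_ip):
        """Decide what to do with a credential submission.

        Returns 'allow', 'alert:unknown_lui' (possible phishing: this form is
        not one the user is familiar with) or 'alert:ip_changed' (possible
        pharming: a familiar LUI now resolves to an address never recorded).
        """
        lui = self.whitelist.get((host, action_path))
        if lui is None:
            return "alert:unknown_lui"
        if resolved_ip not in lui.ips:
            return "alert:ip_changed"
        return "allow"

if __name__ == "__main__":
    # Constructed sample: the user has logged in at bank.example from two IPs.
    aiwl = AIWL()
    aiwl.learn("bank.example", "/login", "192.0.2.10")
    aiwl.learn("bank.example", "/login", "192.0.2.11")
    print(aiwl.check_submission("bank.example", "/login", "192.0.2.11"))       # allow
    print(aiwl.check_submission("bank.example", "/login", "198.51.100.7"))     # alert:ip_changed
    print(aiwl.check_submission("bank-example.test", "/login", "192.0.2.10"))  # alert:unknown_lui
```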
