A honeypots based anti-phishing framework

Honeypots have been used extensively by IT security experts and financial institutions as a powerful anti-phishing tool for gathering phishing emails. This has helped security service providers detect new phishing sites and shut them down quickly. Honeypots are also deployed to collect critical information about the activities of people involved in phishing, which helps generate statistical data that later aids security research and forensic investigations. More recently, actively feeding phishers with honeytokens has also been proposed as a proactive security mechanism, in line with the “taking the war to their home” approach. In this research paper, we elaborate on certain problems of the honeypot-based anti-phishing solutions currently in use. We propose to minimize or overcome these limitations by turning a real online banking system into a large honeypot armed with honeytokens. This large honeypot will be supported by some additional honeypots to make it more powerful. A phishing attempt detection algorithm, called PhishDetekt, is used to automatically detect suspicious attempts by phishers to steal money from victims' bank accounts. The system then asks the potential victim to reconfirm the transaction under suspicion. The result is a new honeypot-based anti-phishing framework. As a vital component of the proposed framework, we also propose to use virtual honeypots, emulating agents that mimic the behavior of real users by accessing the online banking system regularly. The main objective of such agents will be to submit honeytokens to phishing malware and to take the fight against phishers to their own territory.
