PhishLedger: A Decentralized Phishing Data Sharing Mechanism

In recent years, phishing has become one of the biggest security threats on the Internet. To combat phishing, it requires multiple steps and multi-agency participation and thus desperately need uniform data sharing format and unobstructed sharing channels, which unfortunately is just what is lacking currently. This paper proposes a novel phishing data sharing mechanism based on the consortium blockchain. It designs four types of nodes, including reporting node, accounting node, servicing node and supervising node and illustrates the roles of each type. Then it demonstrates the process of reporting, accounting and servicing and designs the process of post-supervision, which ensures the operation of the mechanism stable and fastest; and then discusses its implementation on Hyperledger Fabric. The proposed mechanism includes multi-source reporting, anti-tamper accounting, multi-channel disposal of phishing data and post-supervision. It provides a platform for multi-party participation, transparent and efficient coordination and unified standard and overcomes the current prominent problems of phishing data sharing; and the participants on the consortium blockchain all have a strong desire to combat phishing, which ensures the proposed mechanism is also very practical and highly feasible.

[1]  Abdelfettah Belghith,et al.  CBR-PDS: a case-based reasoning phishing detection system , 2019, J. Ambient Intell. Humaniz. Comput..

[2]  Balaji Viswanathan,et al.  Performance Benchmarking and Optimizing Hyperledger Fabric Blockchain Platform , 2018, 2018 IEEE 26th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS).

[3]  Nishith Pathak,et al.  IoT, AI, and Blockchain for .NET , 2018, Apress.

[4]  Kim-Kwang Raymond Choo,et al.  Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy? , 2018, IEEE Cloud Computing.

[5]  Patrick Cain,et al.  Extensions to the IODEF-Document Class for Reporting Phishing , 2010, RFC.

[6]  Ryan Heartfield,et al.  Protection Against Semantic Social Engineering Attacks , 2018 .

[7]  Elijah Blessing Rajsingh,et al.  Intelligent phishing url detection using association rule mining , 2016, Human-centric Computing and Information Sciences.

[8]  Aiqing Zhang,et al.  Towards Secure and Privacy-Preserving Data Sharing in e-Health Systems via Consortium Blockchain , 2018, Journal of Medical Systems.

[9]  Wajid Rasheed,et al.  Anti-phishing Models for Mobile Application Development: A Review Paper , 2018 .

[10]  Alwyn Roshan Pais,et al.  Detection of phishing websites using an efficient feature-based machine learning framework , 2018, Neural Computing and Applications.

[11]  Prakhar Srivastava,et al.  Detection of Phishing Websites using an Efficient Feature-Based Machine Learning Framework , 2020 .

[12]  Nishith Pathak,et al.  Implementing Blockchain as a Service , 2018 .

[13]  Salil S. Kanhere,et al.  BlockChain: A Distributed Solution to Automotive Security and Privacy , 2017, IEEE Communications Magazine.

[14]  Bikramaditya Singhal,et al.  How Blockchain Works , 2018 .