KIPS Transactions on Computer and Communication Systems (정보처리학회논문지:컴퓨터 및 통신 시스템)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Phishing Detection Methodology Using Web Sites Heuristic

웹사이트 특징을 이용한 휴리스틱 피싱 탐지 방안 연구

  • 이진이 (건국대학교 컴퓨터공학과) ;
  • 박두호 (한국정보통신기술협회) ;
  • 이창훈 (건국대학교 컴퓨터공학과)
  • Received : 2015.06.22
  • Accepted : 2015.08.25
  • Published : 2015.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

In recent year, phishing attacks are flooding with services based on the web technology. Phishing is affecting online security significantly day by day with the vulnerability of web pages. To prevent phishing attacks, a lot of anti-phishing techniques has been made with their own advantages and dis-advantages respectively, but the phishing attack has not been eradicated completely yet. In this paper, we have studied phishing in detail and categorize a process of phishing attack in two parts - Landing-phase, Attack-phase. In addition, we propose an phishing detection methodology based on web sites heuristic. To extract web sites features, we focus on URL and source codes of web sites. To evaluate performance of the suggested method, set up an experiment and analyze its results. Our methodology indicates the detection accuracy of 98.9% with random forest algorithm. The evaluation of proof-of-concept reveals that web site features can be used for phishing detection.

웹을 이용하는 사용자가 증가함에 따라 피싱 공격이 점차 증가하고 있다. 다양한 피싱 공격에 효과적으로 대응하기 위해서는 피싱 공격에 대한 올바른 이해가 필요하며 적절한 대응 방법을 활용할 수 있어야 한다. 이를 위해 본 논문에서는 피싱 공격의 절차를 접근 유도 단계와 공격 실행 단계로 정의하고 각 단계에서 발생하는 피싱 공격의 유형을 분석한다. 이와 같은 분석을 통해 피싱 공격에 대한 인식을 재고하고 피싱 공격의 피해를 사전에 예방할 수 있다. 또한, 분석된 내용을 기반으로 각 피싱 유형에 대한 대응 방안을 제시한다. 제안하는 대응 방안은 각 단계별로 적합한 웹사이트 특징을 활용한 방식이다. 대응 방안의 유효성을 판단하기 위하여 제안한 특징 추출 방안을 통해 휴리스틱 기반 악성 사이트 분류 모델을 생성하고 각 모델의 정확도를 검증한다. 결론적으로 본 논문에서 제안하는 방안은 안티 피싱 기술을 강화하는 기초가 되고 웹사이트 보안 강화의 기반이 된다.

Keywords

References

  1. Korea Internet and Security Agency [Internet], http://isis.kisa.or.kr/ebook/ebook.html.
  2. Korea Internet and Security Agency. Internet & Security Focus [Internet], https://www.krcert.or.kr/kor/data/reportList.jsp, Nov., 2014.
  3. Korea Communications Commission [Internet], https://www.kisdi.re.kr/kisdi/common/premium?file=1%7C12940.
  4. APWG, "Phishing Activity Trends Report 1st Quarter 2014," Jun., 2014.
  5. APWG, "Global Phishing Survey: Trends and Domain Name Use in 1H2014," Oct., 2014.
  6. Telecommunications Technology Association [Internet], http: //word.tta.or.kr.
  7. Gaurav Kumar Chaudhary, "Development Review on Phishing: A Computer Security Threat," International Journal of Advance Research in Computer Science and Management Studies, Vol.2, No.8, pp.55-64, 2014.
  8. M. Nazreen Banu and S. Munawara Banu, "A Comprehensive Study of Phishing Attacks," International Journal of Computer Science and Information Technologies, Vol.4, No.6, pp.783-786, 2013.
  9. Trend Micro Inc., "Spear-Phishing Email: Most Favored APT Attack Bait," Trend Micro Incorporated Research Paper, 2012.
  10. Joongang Ilbo [Internet], http://life.joins.com/news/article/article.asp?Total_ID=16844310&ctg=12&sid=6692.
  11. Thomas Nagunwa, "Behind Identity Theft and Fraud in Cyberspace: The Current Landscape of Phishing Vectors," International Journal of Cyber-Security and Digital Forensics (IJCSDF), Vol.3, No.1, pp.72-83, 2014.
  12. PG Research Group, et al., "The Web Identity Prevention: Factors to Consider in The Anti-Phishing Design," International Journal of Engineering Science and Technology, Vol.2, No.7, pp.2807-2812, 2010.
  13. JooHyung Oh, ChaeTae Im, and HyunCheol Jeong, "Technical Trends and Response Methods of Drive-by Download," Communications of the Korean Institute of Information Scientists and Engineer, Vol.28, No.11, pp.112-116, 2010.
  14. The Open Web Application Security Project. Man-in-themiddle attack [Internet], https://www.owasp.org/index.php?title=Man-in-the-middle_attack&setlang=en.
  15. Korea Internet and Security Agency, KISA [Internet], http://boho.or.kr/upload/file/EpF850.pdf.
  16. Korea Internet and Security Agency, INTERNET & SECURIT Y FOCUS [Internet], http://www.kisa.or.kr/uploadfile/201502/201502061010089938.pdf, Jan., 2015.
  17. Guang Xiang, et al., "Cantina+: A feature-rich machine learning framework for detecting phishing web sites," ACM Transactions on Information and System Security (TISSEC), Vol.14, No.2, pp.21, 2011.
  18. Imtithal A. Saeed, et al., "A Survey on Malware and Malware Detection Systems," International Journal of Computer Applications, Vol.67, No.16, pp.25-31, 2013. https://doi.org/10.5120/11480-7108
  19. Luong Anh Tuan Nguyen, et al., "A novel approach for phishing detection using URL-based heuristic," Computing, Management and Telecommunications (ComManTel), 2014 International Conference on. IEEE, pp.298-303, 2014.
  20. Firdous Kausar, et al., "Hybrid Client Side Phishing Websites Detection Approach," International Journal of Advanced Computer Science and Applications (IJACSA), Vol.5, No.7, pp.132-140, 2014.
  21. A. Naga Venkata Sunil and Anjali Sardana, "A pagerank based detection technique for phishing web sites," Computers & Informatics(ISCI), 2012 IEEE Symposium on. IEEE, pp.58-63, 2012.
  22. Neda Abdelhamid, et al., "Phishing detection based Associative Classification data mining," Expert Systems with Applications, Vol.41, No.13, pp.5948-5959, 2014. https://doi.org/10.1016/j.eswa.2014.03.019
  23. R. Gowtham and Ilango Krishnamurthi, "A comprehensive and efficacious architecture for detecting phishing webpages," Computers & Security, Vol.40, pp.23-37, 2014. https://doi.org/10.1016/j.cose.2013.10.004
  24. Davide Canali, et al., "Prophiler: a fast filter for the largescale detection of malicious web pages," in Proceedings of the 20th international conference on World Wide Web, ACM, pp.197-206, 2011.
  25. Ammar Almomani, et al., "A survey of phishing email filtering techniques," IEEE Communications Surveys & Tutorials, Vol.15, No.4, pp.2070-2090, 2013. https://doi.org/10.1109/SURV.2013.030713.00020
  26. Rami M. Mohammad, et al., "Intelligent rule-based phishing websites classification," The Institution of Engineering and Technology. Information Security, Vol.8, No.3, pp.153-160, 2014.
  27. H. B. Kazemian and S. Ahmed, "Comparisons of machine learning techniques for detecting malicious webpages," Expert Systems with Applications, Vol.42, No.3, pp.1166-1177, 2015. https://doi.org/10.1016/j.eswa.2014.08.046
  28. Yue Zhang, et al., "Cantina: a content-based approach to detecting phishing web sites," WWW '07 Proceedings of the 16th international conference on World Wide Web. ACM, pp.639-648, 2007.
  29. Christian Ludl, et al., "On the effectiveness of techniques to detect phishing sites," Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2007), pp.20-39, 2007.
  30. Hwang, Young Sup, et al., "Classifying malicious web pages by using an adaptive support vector machine," Journal of Information Processing Systems, Vol.9, No.3, pp.395-404, 2013. https://doi.org/10.3745/JIPS.2013.9.3.395
  31. Ram Basnet, et al., "Detection of phishing attacks: A machine learning approach," Soft Computing Applications in Industry, Springer Berlin Heidelberg, pp.373-383, 2008.
  32. Vibhuti Patel and Hasmukh Patel, "Safe Internet Browsing Using Heuristic Based Technique," International Journal of Engineering Development and Research(IJEDR), Vol.2, No.2, pp.1759-1766, 2014.
  33. Yung-Tsung Hou, et al., "Malicious web content detection by machine learning," Expert Systems with Applications, Vol.37, No.1, pp.55-60, 2010. https://doi.org/10.1016/j.eswa.2009.05.023
  34. Colin Whittaker, et al., "Large-Scale Automatic Classification of Phishing Pages," NDSS, Vol.10, 2010.
  35. V. Santhana Lakshmi and M. S. Vijaya, "Efficient prediction of phishing websites using supervised learning algorithms," Procedia Engineering, Vol.30, pp.798-805, 2012. https://doi.org/10.1016/j.proeng.2012.01.930
  36. Albert Hung-Ren Ko and Robert Sabourin, "Single Classifierbased Multiple Classification Scheme for weak classifiers: An experimental comparison," Expert Systems with Applications, Vol.40, No.9, pp.3606-3622, 2013. https://doi.org/10.1016/j.eswa.2012.12.067