• Title/Summary/Keyword: anti-phishing

Search Result 21, Processing Time 0.024 seconds

Study on Anti-Phishing Solutions, Related Researches and Future Directions (피싱 대응 솔루션 연구 및 개발 현황 그리고 앞으로의 방향)

  • Shin, Ji Sun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.6
    • /
    • pp.1037-1047
    • /
    • 2013
  • As damages from phishing have been increased, many anti-phishing solutions and related researches have been studied. Anti-phishing solutions are often built in web-browsers or provided as security toolbars. Other types of solutions are also developed such as email-filtering and solutions strengthening server authentication via secret image sharing. At the same time, researchers have tried to see the reasons why phishing works and how effective anti-phishing solutions are. In this paper, we review relevant anti-phishing solutions, their techniques and other phishing-related researches. Based on these, we summarize recommended ways to improve anti-phishing solutions and suggest the future directions to study to protect users from phishing attacks.

Password-Based Mutual Authentication Protocol Against Phishing Attacks (피싱 공격에 대응하기 위한 패스워드 기반의 상호 인증 프로토콜)

  • Kim, Iksu;Choi, Jongmyung
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.2
    • /
    • pp.41-48
    • /
    • 2018
  • Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method is a method of collecting URL information of a phishing site in advance and then detecting phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method can not detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed. but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe for phishing attacks. In the proposed protocol, the mutual authentication between the client and the server is performed through the authentication message including the password information. The proposed protocol is safe to eavesdropping attack because the authentication message uses the hash value of the password, not the original password, And it is safe to replay attack because different messages are used every time of authentication. In addition, since mutual authentication is performed, it is safe for man-in-the-middle attack. Finally, the proposed protocol does not require a key issuance process for authentication.

Countermeasures Against Phishing/Pharming via Portal Site for General Users (일반 사용자를 위한 포털 사이트 경유 피싱/파밍 방지 방안)

  • Kim, Soyoung;Kang, Ji-yoon;Kim, Yoonjeong
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.40 no.6
    • /
    • pp.1107-1113
    • /
    • 2015
  • The number of phishing/pharming attacks occurring has increased and consequently, the number of studies on anti-phishing/pharming has also increased. The target sites of phishing/pharming are financial sites, and these have a low connection rate compared to those of portal sites. In this paper, we propose an anti-phishing/pharming method that uses a portal site as a stopover. The proposed method is based on the reliability of portal sites. This method is intended for general users rather than for professional users or developers. We also analyze the safety of the proposed method by separating the method into sub components of module safety assumption.

Cognitive Approach to Anti-Phishing and Anti-Pharming: Survey (피싱/파밍 예방을 위한 인지기반 접근 방법)

  • Hong, Sunghyuck
    • Journal of Convergence Society for SMB
    • /
    • v.3 no.2
    • /
    • pp.33-39
    • /
    • 2013
  • Recently, lots of anti-phishing schemes have been developed. Several products identify phishing sites and show the results on the address bar of the internet browser. However, they determine only by domain names or IP addresses. Although this kind of method is effective against recent DNS Pharming attacks, there is still a possibility that hidden attacks which modifies HTML codes could incapacitate those anti-phishing programs. In this paper, the cognitive approach which compares images to decide phishing or Pharming is presented by using system tray and balloon tips that are hard to fake with pop-ups or flash in order for users to compare pictures from connecting sites and system tray. It differs from an old method that a program analyzes IP or domains to judge if it is phishing or Pharming. Therefore, proposed method effective cognitive approach against phishing and Pharming attacks.

  • PDF

Cognitive Approach to Anti-Phishing and Anti-Pharming (피싱 및 파밍 방지를 위한 인지 기반의 접근 방법)

  • Kim, Ju-Hyun;Maeng, Young-Jae;Nyang, Dae-Hun;Lee, Kyung-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.1
    • /
    • pp.113-124
    • /
    • 2009
  • Recently, lots of anti-phishing schemes have been developed. Several products identify phishing sites and show the results on the address bar of the internet browser, but they determine only by domain names or IP addresses. Although this kind of method is effective against recent DNS pharming attacks, there is still a possibility that hidden attacks which modifies HTML codes could incapacitate those anti-phishing programs. In this paper, the cognitive approach which compares images to decide phishing or pharming is presented, using system tray and balloon tips that are hard to fake with pop-ups or flash in order for users to compare pictures from connecting sites and system tray. It differs from an old method that a program analyzes IP or domains to judge if it is phishing or pharming, but observes if there were HTML code changing between plug-ins and a server.

Phishing Detection Methodology Using Web Sites Heuristic (웹사이트 특징을 이용한 휴리스틱 피싱 탐지 방안 연구)

  • Lee, Jin Lee;Park, Doo Ho;Lee, Chang Hoon
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.10
    • /
    • pp.349-360
    • /
    • 2015
  • In recent year, phishing attacks are flooding with services based on the web technology. Phishing is affecting online security significantly day by day with the vulnerability of web pages. To prevent phishing attacks, a lot of anti-phishing techniques has been made with their own advantages and dis-advantages respectively, but the phishing attack has not been eradicated completely yet. In this paper, we have studied phishing in detail and categorize a process of phishing attack in two parts - Landing-phase, Attack-phase. In addition, we propose an phishing detection methodology based on web sites heuristic. To extract web sites features, we focus on URL and source codes of web sites. To evaluate performance of the suggested method, set up an experiment and analyze its results. Our methodology indicates the detection accuracy of 98.9% with random forest algorithm. The evaluation of proof-of-concept reveals that web site features can be used for phishing detection.

Technique of Information Security for Users against Phishing Attacks (피싱 공격에 대한 사용자 정보보호 방안)

  • Kim, Jung-Tae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2008.10a
    • /
    • pp.736-739
    • /
    • 2008
  • Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. This paper presents a novel browser extension, AntiPhish, that aims to protect users against spoofed web site-based phishing attacks. To this end, AntiPhish tracks the sensitive information of a user and generates warnings whenever the user attempts to give away this information to a web site today requires only the server to be hat is considered untrusted.

  • PDF

A Comparative Study of Phishing Websites Classification Based on Classifier Ensemble

  • Tama, Bayu Adhi;Rhee, Kyung-Hyune
    • Journal of Korea Multimedia Society
    • /
    • v.21 no.5
    • /
    • pp.617-625
    • /
    • 2018
  • Phishing website has become a crucial concern in cyber security applications. It is performed by fraudulently deceiving users with the aim of obtaining their sensitive information such as bank account information, credit card, username, and password. The threat has led to huge losses to online retailers, e-business platform, financial institutions, and to name but a few. One way to build anti-phishing detection mechanism is to construct classification algorithm based on machine learning techniques. The objective of this paper is to compare different classifier ensemble approaches, i.e. random forest, rotation forest, gradient boosted machine, and extreme gradient boosting against single classifiers, i.e. decision tree, classification and regression tree, and credal decision tree in the case of website phishing. Area under ROC curve (AUC) is employed as a performance metric, whilst statistical tests are used as baseline indicator of significance evaluation among classifiers. The paper contributes the existing literature on making a benchmark of classifier ensembles for web phishing detection.

A Comparative Study of Phishing Websites Classification Based on Classifier Ensembles

  • Tama, Bayu Adhi;Rhee, Kyung-Hyune
    • Journal of Multimedia Information System
    • /
    • v.5 no.2
    • /
    • pp.99-104
    • /
    • 2018
  • Phishing website has become a crucial concern in cyber security applications. It is performed by fraudulently deceiving users with the aim of obtaining their sensitive information such as bank account information, credit card, username, and password. The threat has led to huge losses to online retailers, e-business platform, financial institutions, and to name but a few. One way to build anti-phishing detection mechanism is to construct classification algorithm based on machine learning techniques. The objective of this paper is to compare different classifier ensemble approaches, i.e. random forest, rotation forest, gradient boosted machine, and extreme gradient boosting against single classifiers, i.e. decision tree, classification and regression tree, and credal decision tree in the case of website phishing. Area under ROC curve (AUC) is employed as a performance metric, whilst statistical tests are used as baseline indicator of significance evaluation among classifiers. The paper contributes the existing literature on making a benchmark of classifier ensembles for web phishing detection.

Analyses of Detection and Protection for Phishing on Web page (웹페이지의 피싱 차단 탐지 기술에 대한 분석)

  • Kim, Jung-Tae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2008.05a
    • /
    • pp.607-610
    • /
    • 2008
  • Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalating in number and sophistication. According to a study by Gartner, Many Internet users have identified the receipt of e-mail linked to phishing scams and about 2 million of them are estimated to have been tricked into giving away sensitive information. This paper presents a novel browser extension, AntiPhish, that aims to protect users against spoofed web site-based phishing attack.

  • PDF