Method for Evaluating the Security Risk of a Website Against Phishing Attacks

Authors:
Young-Gab Kim;Sanghyun Cho;Jun-Sub Lee;Min-Soo Lee;In Ho Kim;Sung Hoon Kim
Affiliations:
Graduate School of Information Management and Security, Center for Information Security Technologies (CIST), Korea University, Seoul, Korea 136-701;NHN Corporation IT Security Analysis Team, Gyeonggi-do, Korea;Div. of Computer Science Dept. of EECS, Korea Advanced Institute of Science and Technology (KAIST), Daejeon, Korea 305-701;Div. of Computer Science Dept. of EECS, Korea Advanced Institute of Science and Technology (KAIST), Daejeon, Korea 305-701;Korea Information Security Agency (KISA), Seoul, Koera 138-950;Korea Information Security Agency (KISA), Seoul, Koera 138-950
Venue:
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
Year:
2008

Citing 7
Cited 1

The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
An Antiphishing Strategy Based on Visual Similarity Assessment

IEEE Internet Computing
Web wallet: preventing phishing attacks by revealing user intentions

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover's Distance (EMD)

IEEE Transactions on Dependable and Secure Computing
Building Anti-Phishing Browser Plug-Ins: An Experience Report

SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Phish and HIPs: human interactive proofs to detect phishing attacks

HIP'05 Proceedings of the Second international conference on Human Interactive Proofs

A quantitative approach to estimate a website security risk using whitelist

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

As Internet technologies evolve, phishing and pharming attacks frequently occur and diversify. In order to protect the economic loss and privacy of Internet users against the phishing attacks, several researches such as website authentication and email authentication have been studied. Although, most of them use website black-list (WBL) or website white-list (WWL), there are several weak points, such as validity of WBL DB (database) and the short life-cycle of phishing websites. That is, it is impossible to discriminate between legitimate and forged websites until the phishing attacks are detected and recorded into WBL DB. Furthermore, the existing WBL and WWL approaches hardly counter the new generation of sophisticated malware pharming attacks. In this paper, in order to overcome the limitation of WBL and WWL approaches, new approach based on the WWL approach, which can quantitatively estimate the security risk of websites that is security risk degree representing the phishing websites, is proposed.