Anti-phishing based on automated individual white-list

Authors:
Ye Cao;Weili Han;Yueran Le
Affiliations:
Software School, Fudan University, Shanghai, China;Software School, Fudan University, Shanghai, China;Software School, Fudan University, Shanghai, China
Venue:
Proceedings of the 4th ACM workshop on Digital identity management
Year:
2008

Citing 11
Cited 3

An experimental comparison of naive Bayesian and keyword-based anti-spam filtering with personal e-mail messages

SIGIR '00 Proceedings of the 23rd annual international ACM SIGIR conference on Research and development in information retrieval
The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Passpet: convenient password management and phishing protection

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Web wallet: preventing phishing attacks by revealing user intentions

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Cantina: a content-based approach to detecting phishing web sites

Proceedings of the 16th international conference on World Wide Web
Learning to detect phishing emails

Proceedings of the 16th international conference on World Wide Web
A large-scale study of web password habits

Proceedings of the 16th international conference on World Wide Web
Stronger password authentication using browser extensions

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Anti-Phishing by Smart Mobile Device

NPC '07 Proceedings of the 2007 IFIP International Conference on Network and Parallel Computing Workshops
Delayed password disclosure

Proceedings of the 2007 ACM workshop on Digital identity management
Dynamic pharming attacks and locked same-origin policies for web browsers

Proceedings of the 14th ACM conference on Computer and communications security

Mixed-initiative security agents

Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Phishing detection with popular search engines: simple and effective

FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Using automated individual white-list to protect web digital identities

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

In phishing and pharming, users could be easily tricked into submitting their username/passwords into fraudulent web sites whose appearances look similar as the genuine ones. The traditional blacklist approach for anti-phishing is partially effective due to its partial list of global phishing sites. In this paper, we present a novel anti-phishing approach named Automated Individual White-List (AIWL). AIWL automatically tries to maintain a white-list of user's all familiar Login User Interfaces (LUIs) of web sites. Once a user tries to submit his/her confidential information to an LUI that is not in the white-list, AIWL will alert the user to the possible attack. Next, AIWL can efficiently defend against pharming attacks, because AIWL will alert the user when the legitimate IP is maliciously changed; the legitimate IP addresses, as one of the contents of LUI, are recorded in the white-list and our experiment shows that popular web sites' IP addresses are basically stable. Furthermore, we use Naïve Bayesian classifier to automatically maintain the white-list in AIWL. Finally, we conclude through experiments that AIWL is an efficient automated tool specializing in detecting phishing and pharming.