SPS: a simple filtering algorithm to thwart phishing attacks

Authors:
Daisuke Miyamoto;Hiroaki Hazeyama;Youki Kadobayashi
Affiliations:
Nara Institute of Science and Technology, Nara, Japan;Nara Institute of Science and Technology, Nara, Japan;Nara Institute of Science and Technology, Nara, Japan
Venue:
AINTEC'05 Proceedings of the First Asian Internet Engineering conference on Technologies for Advanced Heterogeneous Networks
Year:
2005

Citing 6
Cited 3

Detection of phishing webpages based on visual similarity

WWW '05 Special interest tracks and posters of the 14th international conference on World Wide Web
Characteristics and responsibilities involved in a Phishing attack

WISICT '05 Proceedings of the 4th international symposium on Information and communication technologies
The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Protecting Users Against Phishing Attacks with AntiPhish

COMPSAC '05 Proceedings of the 29th Annual International Computer Software and Applications Conference - Volume 01
Modeling and preventing phishing attacks

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Phish and HIPs: human interactive proofs to detect phishing attacks

HIP'05 Proceedings of the Second international conference on Human Interactive Proofs

Examining the impact of website take-down on phishing

Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
There is no free phish: an analysis of "free" and live phishing kits

WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
E-Mail Classification for Phishing Defense

ECIR '09 Proceedings of the 31th European Conference on IR Research on Advances in Information Retrieval

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we explain that by only applying a simple filtering algorithm into various proxy systems, almost all phishing attacks can be blocked without loss of convenience to the user. We propose a system based on a simple filtering algorithm which we call the Sanitizing Proxy System (SPS). The key idea of SPS is that Web phishing attack can be immunized by removing part of the content that traps novice users into entering their personal information. Also, since SPS sanitizes all HTTP responses from suspicious URLs with warning messages, novice users will realize that they are browsing phishing sites. The SPS filtering algorithm is very simple and can be described in roughly 20 steps, and can also be built in any proxy system, such as a server solution, a personal firewall or a browser plug-in. By using SPS with a transparent proxy server, novice users will be protected from almost all Web phishing attacks even if novice users misbehave. With a deployment model, robustness and evaluation, we discuss the feasibility of SPS in today’s network operations.