Cheng Hsin Hsu
ABSTRACT
Phishing websites gain billions of dollars of profits from stealing personal identities and private data. In this paper, an URL classification method is proposed to prioritize suspicious URLs in terms of phishing websites by examining the URL structures and performing string classification. Due to the fact that the average uptime of phishing sites is short, it is important for the proposed method to `timely react' to the newest phishing URLs while the URLs are still valid. Since the proposed method does not involve any web-crawling or content analysis, it can generate prioritized signatures from phishing URLs in a real-time fashion. Moreover, the proposed method consumes very little computing resources that, with an additional moderate PC, it can be injected into any existing real-time URL analysis system.
- Anti Phishing Working Group. Global Phishing Survry: Trends and Domain Name Use in 2H/2010. http://www.antiphishing.org/index.html. 2010Google Scholar
- Anti Phishing Working Group. Phishing Activity Trends Report, Q2/2010. http://www.antiphishing.org/reports/apwg_report_q2_2010.p df. 2010.Google Scholar
- Chen, X., Chandramouli, R. and Subbalakshmi, K. P. Scam Detection in Twitter. SIAM Text Mining Workshop, 2011.Google Scholar
- Farach, M. Optimal Suffix Tree Construction with Large Alphabets. FOCS: 137--143. 1997. Google ScholarDigital Library
- Gartner, Inc. Gartner Says Number of Phishing Attacks on U. S. Consumers Increased 40 Percent in 2008. http://www.gartner.com/it/page.jsp?id=936913, 2009.Google Scholar
- S. Abu-Nimeh, D. Nappa, X. Wang, and S. Nair. A comparison of machine learning techniques for phishing detection. In Proceedings of the eCrime Researchers Summit, 2007. Google ScholarDigital Library
- Weiner, P. Linear pattern matching algorithms. In SWAT '73: Proceedings of the 14th Annual Symposium on Switching and Automata Theory (swat 1973), pages 1--11, Washington, DC, USA, 1973. Google ScholarDigital Library
- Whittaker, C., Ryner, B., and Nazzif, M. Large-scale automatic classification of phishing pages. In The 17th Annual Network and Distributed Security Symposium (NDSS), 2010.Google Scholar
- Wikipedia: Phishing. http://en.wikipedia.org/wiki/PhishingGoogle Scholar
- Zamir, O. and Etzioni, O. Web document clustering: A feasibility demonstration. In Proceedings of SIGIR'98, University of Washington, Seattle, USA, 1998. Google ScholarDigital Library
Index Terms
- Identify fixed-path phishing attack by STC
Recommendations
How Experts Detect Phishing Scam Emails
CSCWPhishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails ...
A Sender-Centric Approach to Detecting Phishing Emails
CYBERSECURITY '12: Proceedings of the 2012 International Conference on Cyber SecurityEmail-based online phishing is a critical security threat on the Internet. Although phishers have great flexibility in manipulating both the content and structure of phishing emails, phishers have much less flexibility in completely concealing the ...
Socio-technological phishing prevention
AbstractPhishing is deceptive collection of personal information leading to embezzlement, identity theft, and so on. Preventive and combative measures have been taken by banking institutions, software vendors, and network authorities to fight ...
Comments