Abstract
Phishing attacks steal a user’s identity data and financial account credentials using social engineering and technical spoofing techniques. Many counter measures have been developed to protect user’s sensitive information from phishing attacks. Although most approaches use both website black lists (WBLs) and website white lists (WWLs), these approaches have several weakneksses. This paper presents a novel anti-phishing Website Risk Assessment System (WRAS). WRAS computes a security risk index of website and generates warnings as to the website trustworthiness. Therefore, it can protect inexperienced users against spoofed website-based phishing attacks and exploit-based phishing attempts that may occur from legitimate web pages.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Anti-Phishing Working Group (APWG) (2011), http://www.antiphishing.org
Kim, Y.-G., Cho, S.-H., Lee, J.-S., Lee, M.-S., Kim, I.H., Kim, S.H.: Method for evaluating the security risk of a website against phishing attacks. In: Yang, C.C., Chen, H., Chau, M., Chang, K., Lang, S.-D., Chen, P.S., Hsieh, R., Zeng, D., Wang, F.-Y., Carley, K.M., Mao, W., Zhan, J. (eds.) ISI Workshops 2008. LNCS, vol. 5075, pp. 21–31. Springer, Heidelberg (2008)
Microsoft, Sender ID Framework Overview (2011), http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
Yahoo: Yahoo! Anti-Spam Resource Center (2008), http://antispam.yahoo.com
Mutual Internet Practices Association, DomainKeys Identified Mail, DKIM (2011), http://www.dkim.org
Dhamija, R., Tygar, J.D.: The Battle against Phishing: Dynamic Security Skins. In: Proc. of the 2005 Symposium on Usable Privacy and Security (SOUPS 2005), pp. 77–88 (2005)
Dhamija, R., Tygar, J.D.: Phish and Hips: Human Interactive Proofs to Detect Phishing Attacks. In: Proc. of the Second International Workshop, pp. 127–141 (2005)
Fu, A.Y., Wenyin, L., Deng, X.: Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover’s Distance (EMD). IEEE Transactions on Dependable and Secure Computing 3(4), 301–311 (2006)
Liu, W., Deng, X., Huang, G., Fu, A.Y.: An Antiphishing Strategy Based on Visual Similarity Assessment. IEEE Internet Computing, 58–65 (2006)
Raffetseder, T., Kirda, E., Kruegel, C.: Building Anti-Phishing Browser Plug-Ins: An Experience Report. In: Proc. of third international workshop on Software Engineering for Secure Systems, SESS 2007 (2007)
Chou, N., Ledesma, R., Teraguchi, Y., Boneh, D., Mitchell, J.C.: Client-side Defense against Web-Based Identity Theft. In: Proc. of 11th Annual Network and Distributed System Security Symposium, NDSS 2004 (2004)
NetCraft (2011), http://www.netcraft.com
EarthLink (2011), http://www.earthlink.com
Microsoft, Anti-Phishing Technology (2011), http://www.microsoft.com/mscorp/safety/technologies/antiphishing/
Wu, M., Miller, R.C., Little, G.: Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. In: Proc. of Symposium On Usable Privacy and Security (SOUPS 2006), pp. 102–113. ACM Press, New York (2006)
Emigh, A.: Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures. ITTC Report on Online. Identity Theft Technology and Countermeasures (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, YG., Cha, S. (2011). Website Risk Assessment System for Anti-Phishing. In: Park, J.J., Yang, L.T., Lee, C. (eds) Future Information Technology. Communications in Computer and Information Science, vol 185. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22309-9_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-22309-9_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22308-2
Online ISBN: 978-3-642-22309-9
eBook Packages: Computer ScienceComputer Science (R0)