SpringerLink
Log in

Website Risk Assessment System for Anti-Phishing

  • Conference paper
Future Information Technology

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 185))

Abstract

Phishing attacks steal a user’s identity data and financial account credentials using social engineering and technical spoofing techniques. Many counter measures have been developed to protect user’s sensitive information from phishing attacks. Although most approaches use both website black lists (WBLs) and website white lists (WWLs), these approaches have several weakneksses. This paper presents a novel anti-phishing Website Risk Assessment System (WRAS). WRAS computes a security risk index of website and generates warnings as to the website trustworthiness. Therefore, it can protect inexperienced users against spoofed website-based phishing attacks and exploit-based phishing attempts that may occur from legitimate web pages.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 42.79
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 53.49
Price includes VAT (Germany)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Anti-Phishing Working Group (APWG) (2011), http://www.antiphishing.org

  2. Kim, Y.-G., Cho, S.-H., Lee, J.-S., Lee, M.-S., Kim, I.H., Kim, S.H.: Method for evaluating the security risk of a website against phishing attacks. In: Yang, C.C., Chen, H., Chau, M., Chang, K., Lang, S.-D., Chen, P.S., Hsieh, R., Zeng, D., Wang, F.-Y., Carley, K.M., Mao, W., Zhan, J. (eds.) ISI Workshops 2008. LNCS, vol. 5075, pp. 21–31. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  3. Microsoft, Sender ID Framework Overview (2011), http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx

  4. Yahoo: Yahoo! Anti-Spam Resource Center (2008), http://antispam.yahoo.com

  5. Mutual Internet Practices Association, DomainKeys Identified Mail, DKIM (2011), http://www.dkim.org

  6. Dhamija, R., Tygar, J.D.: The Battle against Phishing: Dynamic Security Skins. In: Proc. of the 2005 Symposium on Usable Privacy and Security (SOUPS 2005), pp. 77–88 (2005)

    Google Scholar 

  7. Dhamija, R., Tygar, J.D.: Phish and Hips: Human Interactive Proofs to Detect Phishing Attacks. In: Proc. of the Second International Workshop, pp. 127–141 (2005)

    Google Scholar 

  8. Fu, A.Y., Wenyin, L., Deng, X.: Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover’s Distance (EMD). IEEE Transactions on Dependable and Secure Computing 3(4), 301–311 (2006)

    Article  Google Scholar 

  9. Liu, W., Deng, X., Huang, G., Fu, A.Y.: An Antiphishing Strategy Based on Visual Similarity Assessment. IEEE Internet Computing, 58–65 (2006)

    Google Scholar 

  10. Raffetseder, T., Kirda, E., Kruegel, C.: Building Anti-Phishing Browser Plug-Ins: An Experience Report. In: Proc. of third international workshop on Software Engineering for Secure Systems, SESS 2007 (2007)

    Google Scholar 

  11. Chou, N., Ledesma, R., Teraguchi, Y., Boneh, D., Mitchell, J.C.: Client-side Defense against Web-Based Identity Theft. In: Proc. of 11th Annual Network and Distributed System Security Symposium, NDSS 2004 (2004)

    Google Scholar 

  12. NetCraft (2011), http://www.netcraft.com

  13. EarthLink (2011), http://www.earthlink.com

  14. Microsoft, Anti-Phishing Technology (2011), http://www.microsoft.com/mscorp/safety/technologies/antiphishing/

  15. Wu, M., Miller, R.C., Little, G.: Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. In: Proc. of Symposium On Usable Privacy and Security (SOUPS 2006), pp. 102–113. ACM Press, New York (2006)

    Chapter  Google Scholar 

  16. Emigh, A.: Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures. ITTC Report on Online. Identity Theft Technology and Countermeasures (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. College of Information and Communication, Korea University, 1, 5-ga, Anam-dong, SungBuk-gu, 136-701, Seoul, Korea

    Young-Gab Kim & Sungdeok Cha

Authors
  1. Young-Gab Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sungdeok Cha
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Seoul National University of Science and Technology, 172 Gongreung 2-dong, Nowon-gu, 139-742, Seoul, Korea

    James J. Park

  2. Department of Computer Science, St. Francis Xavier University, B2G 2W5, Antigonish, NS, Canada

    Laurence T. Yang

  3. Hanshin University, 411 Yangsandong, 447-791, Osan-si, Korea

    Changhoon Lee

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, YG., Cha, S. (2011). Website Risk Assessment System for Anti-Phishing. In: Park, J.J., Yang, L.T., Lee, C. (eds) Future Information Technology. Communications in Computer and Information Science, vol 185. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22309-9_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22309-9_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22308-2

  • Online ISBN: 978-3-642-22309-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation