{"title":"Proactive Phishing Sites Detection","authors":"Akihito Nakamura, Fuma Dobashi","doi":"10.1145/3350546.3352565","DOIUrl":null,"url":null,"abstract":"Phishing is one of the social engineering techniques to steal users’ sensitive information by disguising a fake Web site as a trustworthy one. Previous research proposed phishing mitigation techniques, such as blacklist, heuristics, visual similarity, and machine learning. However, these kinds of methods have limitation on the detection of a zero-hour phishing site, a phishing site that no one has noticed yet. This paper presents a new approach to the detection of zero-hour phishing sites: proactive detection. If those malicious sites are detected as early as possible, shutdown by the specialized agencies and mitigation of user damages are expected. We also present a method and system of efficient phishing site detection based on the proactive approach. The method is composed of two major parts: suspicious domain names generation and judgment. The former predicts likely phishing Web sites from the given legitimate brand domain name. The latter scores and judges suspects by calculating various indexes. That is, zero-hour phishing sites can be detected by hypothesis and test cycles. As a result of the preliminary experiment, we detected several zero-hour phishing sites disguising as major brands, including eBay, Google, and Amazon. CCS CONCEPTS • Security and privacy $\\rightarrow$ Phishing; Social network security and privacy.","PeriodicalId":171168,"journal":{"name":"2019 IEEE/WIC/ACM International Conference on Web Intelligence (WI)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE/WIC/ACM International Conference on Web Intelligence (WI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3350546.3352565","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
Phishing is one of the social engineering techniques to steal users’ sensitive information by disguising a fake Web site as a trustworthy one. Previous research proposed phishing mitigation techniques, such as blacklist, heuristics, visual similarity, and machine learning. However, these kinds of methods have limitation on the detection of a zero-hour phishing site, a phishing site that no one has noticed yet. This paper presents a new approach to the detection of zero-hour phishing sites: proactive detection. If those malicious sites are detected as early as possible, shutdown by the specialized agencies and mitigation of user damages are expected. We also present a method and system of efficient phishing site detection based on the proactive approach. The method is composed of two major parts: suspicious domain names generation and judgment. The former predicts likely phishing Web sites from the given legitimate brand domain name. The latter scores and judges suspects by calculating various indexes. That is, zero-hour phishing sites can be detected by hypothesis and test cycles. As a result of the preliminary experiment, we detected several zero-hour phishing sites disguising as major brands, including eBay, Google, and Amazon. CCS CONCEPTS • Security and privacy $\rightarrow$ Phishing; Social network security and privacy.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
