Trigger-based Blocking Mechanism for Access to Email-derived Phishing URLs with User Alert

Abstract

Email is one of the important and indispensable Internet services, but in the meanwhile, the spread of emailderived phishing URLs has been one of the critical cyber threats for a long time. The security facilities in organization networks are suffering from monitoring and analyzing all traffic besides emails which consumes much computing resource. In this paper, we propose a trigger-based blocking mechanism for accessing the email-derived phishing URLs with user alert to protect the end users from phishing attacks. The proposed system practically uses the Domain Name System (DNS) and the Response Policy Zone (RPZ) feature to direct the triggered HTTP(S) access for the email-derived phishing URLs to a particular proxy. Then the HTTP(S) communication can be detected and blocked based on the users’ decisions by alerting them. A prototype for the proposed mechanism has been implemented and the preliminary feature evaluations in a local experimental network have been conducted. The evaluation results confirmed that all the HTTP(S) access for the email-derived phishing URLs was successfully directed to the pre-constructed particular HTTP(S) proxy, then an alert page was showed up to the end users, and the access was passed through or blocked based on the end users’ decisions.