Shams Zawoad, A. Dutta, A. Sprague, Ragib Hasan, Jason Britt, Gary Warner
{"title":"网络钓鱼:使用丢弃的电子邮件地址调查网络钓鱼集群","authors":"Shams Zawoad, A. Dutta, A. Sprague, Ragib Hasan, Jason Britt, Gary Warner","doi":"10.1109/ECRS.2013.6805777","DOIUrl":null,"url":null,"abstract":"The most common approach to collect users' secret credentials from phishing websites is to email the credentials to criminals' email addresses which we call drop email addresses. We propose a clustering algorithm, which is based on the assumption that if there is a common drop email address found in the phishing kits from two different phishing websites, then these two websites are directly related. Based on obfuscated and plain-text drop email addresses, we produce two types of clusters: one is called phishing kit creator cluster and another is kit user cluster. Clustering related phishing websites using our proposed approach will allow phishing investigators to focus their investigative efforts on important phishing attacks rather than random attacks. For example, in January 2013, 1475 phishing websites are hosted by only 317 groups of phishers (who we will call kit users). Our scheme will thus help investigators to narrow investigation to pervasive phishing criminals. By analyzing the clusters generated using our clustering approach, we can determine the strongest and most pervasive phishers, and phishing kit creators, relationships between phishing kit creators and phishing kit users, and the most dominant phisher of one group. These findings have real-life implication in phishing investigation paradigm.","PeriodicalId":110678,"journal":{"name":"2013 APWG eCrime Researchers Summit","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Phish-Net: Investigating phish clusters using drop email addresses\",\"authors\":\"Shams Zawoad, A. Dutta, A. Sprague, Ragib Hasan, Jason Britt, Gary Warner\",\"doi\":\"10.1109/ECRS.2013.6805777\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The most common approach to collect users' secret credentials from phishing websites is to email the credentials to criminals' email addresses which we call drop email addresses. We propose a clustering algorithm, which is based on the assumption that if there is a common drop email address found in the phishing kits from two different phishing websites, then these two websites are directly related. Based on obfuscated and plain-text drop email addresses, we produce two types of clusters: one is called phishing kit creator cluster and another is kit user cluster. Clustering related phishing websites using our proposed approach will allow phishing investigators to focus their investigative efforts on important phishing attacks rather than random attacks. For example, in January 2013, 1475 phishing websites are hosted by only 317 groups of phishers (who we will call kit users). Our scheme will thus help investigators to narrow investigation to pervasive phishing criminals. By analyzing the clusters generated using our clustering approach, we can determine the strongest and most pervasive phishers, and phishing kit creators, relationships between phishing kit creators and phishing kit users, and the most dominant phisher of one group. These findings have real-life implication in phishing investigation paradigm.\",\"PeriodicalId\":110678,\"journal\":{\"name\":\"2013 APWG eCrime Researchers Summit\",\"volume\":\"26 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 APWG eCrime Researchers Summit\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ECRS.2013.6805777\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 APWG eCrime Researchers Summit","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ECRS.2013.6805777","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Phish-Net: Investigating phish clusters using drop email addresses
The most common approach to collect users' secret credentials from phishing websites is to email the credentials to criminals' email addresses which we call drop email addresses. We propose a clustering algorithm, which is based on the assumption that if there is a common drop email address found in the phishing kits from two different phishing websites, then these two websites are directly related. Based on obfuscated and plain-text drop email addresses, we produce two types of clusters: one is called phishing kit creator cluster and another is kit user cluster. Clustering related phishing websites using our proposed approach will allow phishing investigators to focus their investigative efforts on important phishing attacks rather than random attacks. For example, in January 2013, 1475 phishing websites are hosted by only 317 groups of phishers (who we will call kit users). Our scheme will thus help investigators to narrow investigation to pervasive phishing criminals. By analyzing the clusters generated using our clustering approach, we can determine the strongest and most pervasive phishers, and phishing kit creators, relationships between phishing kit creators and phishing kit users, and the most dominant phisher of one group. These findings have real-life implication in phishing investigation paradigm.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
