A HYBRID SYSTEM TO FIND & FIGHT PHISHING ATTACKS ACTIVELY
BY CHAITHRASHREE B K
WHAT IS PHISHING?
Phishing is an identity-theft attack in which criminals create fake web sites that impersonate well-known organizations and ask users to fill in their confidential personal information. It is a criminal activity that relies on social engineering techniques. It is also called brand spoofing.
IS PHISHING A SERIOUS PROBLEM?
According to a study by Gartner, 57 million Internet users have identified the receipt of e-mail linked to phishing scams, and about 2 million of them are estimated to have been tricked into giving away sensitive information.
TILL OCT 2011, APAC HAS HANDLED 68,925 PHISHING WEBSITES.
[Chart: monthly values from 08/07 to 11/10; vertical axis 0 to 6000]
EXAMPLE:
http://signinebay.com-cgibin.tk/eBaydll.php
WHOIS 210.104.211.21: Location: Korea
Even bigger problem: I don't have an account with US Bank!
THE MAIN FEATURES IN PHISHING ATTACKS:
The principal phishing web pages are more likely to be hidden deep inside phishing websites to avoid phishing detection, so their full URLs are always complicated and multilevel.
The lifetime of phishing URLs keeps getting shorter.
TYPES OF PHISHING ATTACKS:
Spoofed e-mails and web sites.
Exploit-based phishing attacks.
SPOOFED E-MAILS:
The idea here is to persuade the victim to send back sensitive information in response to a formal-looking e-mail request. This is similar to a scam in which the attacker sends the victim a fake winning notification asking for a credit card number and so on.
SPOOFED WEB SITES:
Many organizations, such as banks, do not provide interactive services based on e-mail where the user has to provide a password, but use their websites to provide such interactive services (even on SSL!).
EXPLOIT-BASED PHISHING ATTACKS:
Some phishing attacks are technically more sophisticated and make use of well-known vulnerabilities in popular web browsers such as Internet Explorer to install malicious software that collects sensitive information about the victim.
Which malware will the attackers use?
Key loggers.
Remote machine controllers.
TRADITIONAL ANTI-PHISHING METHODS:
Most browser makers use blacklists provided by anti-phishing organizations, like APWG and PhishTank, to block phishing URLs.
Some researchers made tools that check user-provided URLs against heuristic rules to determine whether they are phishing URLs or not.
DISADVANTAGE: These methods work in a passive way and are not fast or efficient enough to find and take down phishing attacks.
HYBRID METHOD BY Anti-Phishing Alliance of China (APAC):
APAC is the authoritative anti-phishing organization whose main duty is to receive all phishing reports in China and to handle the real phishing attacks among them as quickly as possible.
It proposed a hybrid method to detect general phishing attacks in an active way through DNS query logs and known phishing URLs.
DISCOVERING PHISHING SITES IN AN ACTIVE WAY:
To find suspicious phishing hosts: recursive DNS query logs record all the live hosts that are visited by local users.
Known phishing URLs are used to get frequently used phishing paths.
We can find phishing URLs actively by constructing URLs from phishing hosts and phishing paths.
FLOWCHART OF ANTI-PHISHING SYSTEM:
[Flowchart; box labels as extracted: DNS Query Logs; Preprocess; Phishing Path Frequency Compute; Phishing Hosts Retrieval; Suspicious Phishing Host; Phishing Paths; Phishing Repository; Phishing URL Construction; TOP N; Phishing URL; Domain Register Information; Third-Party Information Filtering; URL Existence Detection; APAC]
PHISHING URL CONSTRUCTION PROCESS:
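The construction step described above (suspicious hosts from DNS query logs crossed with the top-N most frequent paths of known phishing URLs), as an added Python example that is not part of the original slides or APAC's code. The log layout, the brand table, the host-matching heuristic and all sample data are assumptions constructed for illustration; filtering and URL existence detection are left out so it runs offline.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample data (not from the slides); .example/.test are reserved names.
KNOWN_PHISHING_URLS = [
    "http://a.example/secure/login.php",
    "http://b.example/secure/login.php?id=1",
    "http://c.example/webscr/index.html",
    "http://d.example/secure/login.php",
    "http://e.example/webscr/index.html",
    "http://f.example/update/verify.asp",
]
# Assumed log layout: "<time> <client> <queried name> <type>"
DNS_LOG = """\
13:00:01 10.0.0.5 www.mybank.test A
13:00:02 10.0.0.7 mybank.test.account-check.example A
13:00:04 10.0.0.9 news.example A
13:00:09 10.0.0.7 MyBank-secure.example. A
13:00:11 10.0.0.5 mybank.test.account-check.example A
"""
PROTECTED = {"mybank": "mybank.test"}  # brand keyword -> legitimate domain (assumed)

def top_paths(urls, n):
    """Rank the paths of known phishing URLs by frequency; query strings are dropped."""
    paths = (urlsplit(u).path for u in urls)
    counts = Counter(p for p in paths if p not in ("", "/"))
    return [p for p, _ in counts.most_common(n)]

def suspicious_hosts(log_text):
    """Assumed heuristic: the name mentions a brand but is not under its real domain."""
    hosts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        name = fields[2].lower().rstrip(".")
        for brand, legit in PROTECTED.items():
            under_legit = name == legit or name.endswith("." + legit)
            if brand in name and not under_legit and name not in hosts:
                hosts.append(name)
    return hosts

def construct_candidates(hosts, paths):
    """Cross suspicious hosts with top-N paths. The results are only candidates:
    they still need filtering and an existence check before being reported."""
    return [f"http://{h}{p}" for h in hosts for p in paths]

if __name__ == "__main__":
    paths = top_paths(KNOWN_PHISHING_URLS, 2)
    for url in construct_candidates(suspicious_hosts(DNS_LOG), paths):
        print(url)
```

The value of N trades the number of candidate URLs to check against the chance of missing a live page, which is the efficiency versus recall balance the slides list as further work.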
DEPLOYMENT & RUNNING:
Logs are received and processed at 1:00 PM each day.
Phishing reports are auto-analyzed to refresh the phishing path frequencies.
Suspicious phishing hosts are auto-pushed.
Screenshots of phishing web pages are auto-stored as evidence.
CONCLUSION:
The results of the present study are as follows:
A hybrid method to discover phishing attacks actively using DNS logs and known phishing knowledge.
A phishing detection system that reports Chinese phishing attacks to APAC, and its contribution to anti-phishing.
SCOPE FOR FURTHER WORK:
The present study can be further extended with the following suggestions kept in mind:
To determine the quantity of high-frequency paths that are needed in constructing URLs in order to balance computing efficiency and recall rate.
Visual similarity in calculating LD between strings can be considered.
THANK YOU