• DocumentCode
    2336376
  • Title

    PhishNet: Predictive Blacklisting to Detect Phishing Attacks

  • Author

    Prakash, Pawan ; Kumar, Manish ; Kompella, Ramana Rao ; Gupta, Minaxi

  • Author_Institution
    Purdue Univ., West Lafayette, IN, USA
  • fYear
    2010
  • fDate
    14-19 March 2010
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Phishing has been easy and effective way for trickery and deception on the Internet. While solutions such as URL blacklisting have been effective to some degree, their reliance on exact match with the blacklisted entries makes it easy for attackers to evade. We start with the observation that attackers often employ simple modifications (e.g., changing top level domain) to URLs. Our system, PhishNet, exploits this observation using two components. In the first component, we propose five heuristics to enumerate simple combinations of known phishing sites to discover new phishing URLs. The second component consists of an approximate matching algorithm that dissects a URL into multiple components that are matched individually against entries in the blacklist. In our evaluation with real-time blacklist feeds, we discovered around 18,000 new phishing URLs from a set of 6,000 new blacklist entries. We also show that our approximate matching algorithm leads to very few false positives (3%) and negatives (5%).
  • Keywords
    Internet; computer crime; unsolicited e-mail; Internet; URL; approximate matching algorithm; blacklisting; phishing attack detection; Communications Society; Credit cards; Electronic commerce; Feeds; Humans; Information security; Internet; Law; Resilience; Uniform resource locators;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INFOCOM, 2010 Proceedings IEEE
  • Conference_Location
    San Diego, CA
  • ISSN
    0743-166X
  • Print_ISBN
    978-1-4244-5836-3
  • Type

    conf

  • DOI
    10.1109/INFCOM.2010.5462216
  • Filename
    5462216