Title :
Leveraging the crowds to disrupt phishing
Author :
Gustafson, Joakim ; Jun Li
Author_Institution :
Network & Security Res. Lab., Univ. of Oregon, Eugene, OR, USA
Abstract :
Preventative anti-phishing approaches are not always effective. As there seem to be always users who ignore warnings, use old anti-phishing software, or rely on obsolete blacklists of phishing sites, phishers continue to find new victims who surrender their credentials to phishing sites. We thus take an aggressive anti-phishing approach, a research direction rarely explored. We study how we may disrupt phishing operations by injecting to phishing sites many fake credentials-also called honey tokens-that are indistinguishable from real credentials, allowing institutions under attack to detect and track phishing activities when honey tokens are used. We address the limitations from our early work, Humboldt 1.0, which automatically submits fake credentials but can fail if phishers take smart countermeasures. Based on a new architecture, Humboldt 2.0, we study how we may leverage human users to submit honey tokens successfully, while being resilient to various malicious countermeasures to our system. We further analyze its effectiveness and evaluate its cost using the Amazon Mechanical Turk service, showing that Humboldt 2.0 can successfully complement Humboldt 1.0.
Keywords :
computer crime; Amazon Mechanical Turk service; Humboldt 1.0; aggressive antiphishing approach; fake credentials; honey tokens; malicious countermeasures; obsolete blacklists; old antiphishing software; phishing activities detection; phishing activities track; phishing operations; phishing sites; preventative antiphishing approaches; CAPTCHAs; Conferences; Feeds; IP networks; Monitoring; Security; Servers; Humboldt; anti-phishing; honey token; phishing disruption;
Conference_Titel :
Communications and Network Security (CNS), 2013 IEEE Conference on
Conference_Location :
National Harbor, MD
DOI :
10.1109/CNS.2013.6682695
