A honeypots based anti-phishing framework

Abstract

Honeypots have been extensively used, as a very powerful anti-phishing tool, by IT security experts and financial institutions to gather spurious mails of phishing kind. This has helped the security service providers to detect new phishing sites and quickly shut them down. Honeypots are also deployed to collect critical information about activities of people involved in phishing, helping in generation of statistical data to later aid in security research and forensic investigations. More recently, active feeding of phishers with honeytokens is also proposed as a proactive security mechanism, in line with the “taking the war to their home” approach. In this research paper, we elaborate certain problems of anti-phishing solutions based on honeypots being used currently. We propose to minimize or overcome these limitations/problems by performing the makeover of real online banking system into a large honeypot armed with honeytokens. This large honeypot will be supported by some additional honeypots, to make it more powerful. A phishing attempt detection algorithm, called PhishDetekt, is used to automatically sense dubious phishers' bids of stealing money from victims' bank accounts. The system asks for the potential victim's reconfirmation for the transaction under suspicion. This results in development of a new honeypot-based anti-phishing framework. As a vital component of the proposed framework, we also propose to use virtual honeypots-emulating agents to mimic behavior of real users to access the Online banking system regularly. The main objective of such agents will be to submit honeytokens to phishing malware and to take the fight against phishers to their own territory.