PhishGuard: A browser plug-in for protection from phishing

Y. Joshi, S. Saklikar, D. Das, S. Saha
2008 2nd International Conference on Internet Multimedia Services Architecture and Applications, published 2008-12-01
DOI: 10.1109/IMSAA.2008.4753929 (https://doi.org/10.1109/IMSAA.2008.4753929)
Citations: 54

Abstract

Phishing is an act of identity theft aimed at acquiring sensitive information such as usernames, passwords, credit card details, etc., by masquerading as a trustworthy entity in an electronic communication. Phishers use a number of different social engineering mechanisms, such as spoofed e-mail, to try to trick their victims. Data suggests that some phishing attacks have convinced up to 5% of their recipients to provide sensitive information to spoofed websites, resulting in a direct loss of multiple billion dollars across countries. Though there are many existing anti-phishing solutions, phishers continue to succeed in luring victims. In this paper, we have proposed a novel algorithm which aims at identifying a forged website by submitting random credentials before the actual credentials in the login process of a website. We have also proposed a mechanism for analysing the server's responses to the submissions of all those credentials to determine whether the website is the original or a phished one. Though our idea is generic and would work with any authentication technology based on the exchange of credentials, our current prototype is developed for sites supporting HTTP Digest Authentication and accepting a userid and password pair as the credential. Our algorithm is developed within a browser plug-in for Mozilla Firefox v3.0 and can detect phishing attacks conclusively.