SlideShare a Scribd company logo
1 of 10
Download to read offline
Anti-Phishing
Approaches
Lifeng Hu
lh2342@columbia.edu
What is Phishing?
 An engineering attack
 An attempt to trick individuals into revealing personal
credentials (uname, passwd, credit card info, etc)
 Based on faked email and websites
 A threat for the internet users
 Damages
- 73 million US adults
received more than 50
phishing emails a year
- $2.8 billion loss a year
Phishing Methods
 Establish websites having similar interface/URL
as famous websites
 Establish cheating websites to get users’
personal information
 Establish transparent website between original
websites and users
 Send emails containing malicious URL
 Send emails containing embed malicious
flash/picture files to avoid text checking of anti-
phishing
False positive/negative rate of
Anti-Phishing Approaches
 False negative rate: the rate of phishing websites being
regarded as good in all phishing websites
 False positive rate: the rate of good websites being
regarded as phishing in all good websites
 So, the lower false rates are, the better Anti-Phishing
approach is
goodphish
phish
goodgood
good
pf
goodphish
phish
goodgood
good
pf
goodphish
phish
goodgood
good
pf
phishgood
good
phishphish
phish
nf
phishgood
good
phishphish
phish
nf
Anti-Phishing Approaches
for Specific Websites
 Typically, designed by website companies
 An example is Sitekey mechanism of
BankOfAmerica online
 Pro: False negative rate is low
False positive rate can be zero
 Con: Not applicable for phishing emails
Anti-Phishing Approaches
Based on Database
 Anti-phishing Firewall : Kaspersky
 Anti-phishing Toolbar : Netcraft
 All based on on-line database
 Toolbar can provide URL statistics data in advance
 Pro: Applicable for both websites and emails
False negative rate can be low
False positive rate is low
 Con: Need frequent updates
Relatively hard to implement
False negative rate increases if not up-to-date
Anti-Phishing Approaches
Based on Content
 PILFER: email phishing detection based on machine-learning combining 10
filters:
- IP based URL: 192.168.0.1/paypal.cgi?fix=account
- Domain age from whois.net
- Non-matching URL: <a href=“phishingsite.com"> paypal.com</a>
- HTML email : hidden URLs
- Malicious JavaScript
- <More>…
 Pro: Practically, false positive and negative rate are relative low
Machine learning methods make it possible to improve accuracy
No constant update is needed
 Con: Still need updates on training data and filters to adapt new styles of
phishing emails
Network cost is a problem
Anti-Phishing Approaches
Based on Content (cont.)
 CANTINA: phishing website detection based on TF-IDF weight
- TF: the number of times a given term appears in a specific document
- IDF: a measure of the general importance of the term in all documents
- TF-IDF = TF/IDF, specifies term with frequency in a given document
- Search five top TF-IDF words of current web page in search engine such as
Google
- Current web page should be in top N (30) search results to be legitimate
 CANTINA also uses filters similar to PILFER to decrease false positive
 Pro: False positive and negative rate are very low
No constant update is needed
Search engine ranking is relative hard to cheat
 Con: Network cost is a problem
Too many phishing website searches may affect phishing websites’
ranking
Summary of mentioned
Anti-Phishing Approaches
Anti-Phishing Approaches False Positive False Negative
Implement
Effort
Adaptation
Update
Cycle
For Specific Websites Zero Low Easy Specific Website None
Firewall Based on Database Low Medium Medium
General
Web/Email
Very Frequently
Toolbar Based on Database Low Low Hard
General
Web/Email
Very Frequently
PILFER Low Low Medium General Email Sometimes
CANTINA Very Low Low Medium
General
Websites
Few
Thanks!

More Related Content

Similar to Lifeng hu anti_phishing

Phishing & spamming
Phishing & spammingPhishing & spamming
Phishing & spammingKavis Pandey
 
phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdfvinayakjadhav94
 
Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101PECB
 
The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystemamiable_indian
 
phishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxphishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxMaheshDhope1
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection schemeMussavir Shaikh
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
 
Cyber Aware Presentation- Penny Austin.pptx
Cyber Aware Presentation- Penny Austin.pptxCyber Aware Presentation- Penny Austin.pptx
Cyber Aware Presentation- Penny Austin.pptxNebojaIli
 

Similar to Lifeng hu anti_phishing (20)

Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In Phishing
 
Anti phishing
Anti phishingAnti phishing
Anti phishing
 
Phishing & spamming
Phishing & spammingPhishing & spamming
Phishing & spamming
 
Seminar
SeminarSeminar
Seminar
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdf
 
Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
 
The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystem
 
phishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxphishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptx
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection scheme
 
Phishing
PhishingPhishing
Phishing
 
Internet Phishing
Internet PhishingInternet Phishing
Internet Phishing
 
Phishing Technology
Phishing TechnologyPhishing Technology
Phishing Technology
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Mining
 
Security At Home
Security At HomeSecurity At Home
Security At Home
 
Cyber Aware Presentation- Penny Austin.pptx
Cyber Aware Presentation- Penny Austin.pptxCyber Aware Presentation- Penny Austin.pptx
Cyber Aware Presentation- Penny Austin.pptx
 
Irm 13-phishing
Irm 13-phishingIrm 13-phishing
Irm 13-phishing
 

Recently uploaded

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 

Recently uploaded (20)

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 

Lifeng hu anti_phishing

  • 2. What is Phishing?  An engineering attack  An attempt to trick individuals into revealing personal credentials (uname, passwd, credit card info, etc)  Based on faked email and websites  A threat for the internet users  Damages - 73 million US adults received more than 50 phishing emails a year - $2.8 billion loss a year
  • 3. Phishing Methods  Establish websites having similar interface/URL as famous websites  Establish cheating websites to get users’ personal information  Establish transparent website between original websites and users  Send emails containing malicious URL  Send emails containing embed malicious flash/picture files to avoid text checking of anti- phishing
  • 4. False positive/negative rate of Anti-Phishing Approaches  False negative rate: the rate of phishing websites being regarded as good in all phishing websites  False positive rate: the rate of good websites being regarded as phishing in all good websites  So, the lower false rates are, the better Anti-Phishing approach is goodphish phish goodgood good pf goodphish phish goodgood good pf goodphish phish goodgood good pf phishgood good phishphish phish nf phishgood good phishphish phish nf
  • 5. Anti-Phishing Approaches for Specific Websites  Typically, designed by website companies  An example is Sitekey mechanism of BankOfAmerica online  Pro: False negative rate is low False positive rate can be zero  Con: Not applicable for phishing emails
  • 6. Anti-Phishing Approaches Based on Database  Anti-phishing Firewall : Kaspersky  Anti-phishing Toolbar : Netcraft  All based on on-line database  Toolbar can provide URL statistics data in advance  Pro: Applicable for both websites and emails False negative rate can be low False positive rate is low  Con: Need frequent updates Relatively hard to implement False negative rate increases if not up-to-date
  • 7. Anti-Phishing Approaches Based on Content  PILFER: email phishing detection based on machine-learning combining 10 filters: - IP based URL: 192.168.0.1/paypal.cgi?fix=account - Domain age from whois.net - Non-matching URL: <a href=“phishingsite.com"> paypal.com</a> - HTML email : hidden URLs - Malicious JavaScript - <More>…  Pro: Practically, false positive and negative rate are relative low Machine learning methods make it possible to improve accuracy No constant update is needed  Con: Still need updates on training data and filters to adapt new styles of phishing emails Network cost is a problem
  • 8. Anti-Phishing Approaches Based on Content (cont.)  CANTINA: phishing website detection based on TF-IDF weight - TF: the number of times a given term appears in a specific document - IDF: a measure of the general importance of the term in all documents - TF-IDF = TF/IDF, specifies term with frequency in a given document - Search five top TF-IDF words of current web page in search engine such as Google - Current web page should be in top N (30) search results to be legitimate  CANTINA also uses filters similar to PILFER to decrease false positive  Pro: False positive and negative rate are very low No constant update is needed Search engine ranking is relative hard to cheat  Con: Network cost is a problem Too many phishing website searches may affect phishing websites’ ranking
  • 9. Summary of mentioned Anti-Phishing Approaches Anti-Phishing Approaches False Positive False Negative Implement Effort Adaptation Update Cycle For Specific Websites Zero Low Easy Specific Website None Firewall Based on Database Low Medium Medium General Web/Email Very Frequently Toolbar Based on Database Low Low Hard General Web/Email Very Frequently PILFER Low Low Medium General Email Sometimes CANTINA Very Low Low Medium General Websites Few