Department of Computer Science & Engg
College of Engineering,
Submitted by
Umme Ayesha
CONTENT
SL.NO TOPICS PAGE NO.
1 INTRODUCTION 1
2 OBJECTIVES 2
3 DEFINITIONS,MOTIVES,IMPORTANCE 3-7
5 MITIGATION OF PHISHIN...
INTRODUCTION
 PHISHING is a social engineering attack that aims at
exploiting the weakness found in system processes as
c...
OBJECTIVES
 Definitions
 Phishing Campaign
 Evaluation Metrics
 Detection
 Evaluation
DEPT.OF COMPUTER SCIENCE
PHISHI...
DEFINITIONS
 “Phishing is a fraudulent attempt, usually made through
email, to steal your personal information”
 “We defi...
PHISHING MOTIVES
 The primary motives behind phishing attacks, from an
attacker’s perspective, are:
 Financial Gain: phi...
DEPT.OF COMPUTER SCIENCE
PHISHING DETECTION-A LITERATURE SURVEY
5 2014
IMPORTANCE
 According to APWG, phishing attacks were in a raise till
August, 2009 40,621 unique phishing reports were
sub...
PHISHING DETECTION-A LITERATURE SURVEY
DEPT.OF COMPUTER SCIENCE 7 2014
MITIGATION OF PHISHING
ATTACKS
Once the phishing attack is detected, a number of actions
could be applied against the camp...
PHISHING DETECTION-A LITERATURE SURVEY
DEPT.OF COMPUTER SCIENCE 20149
(1) Detection Approaches
 User Training Approaches - end-users can be educated to
better understand the nature of phishin...
(2) Offensive Defence Approach
 Offensive defence solutions aim to render phishing cam-
pains useless for the attackers b...
(3)Correction Approach
Correction is the act of taking the phishing resources down.
This is often achieved by reporting at...
DEPT.OF COMPUTER SCIENCE
PHISHING DETECTION-A LITERATURE SURVEY
13 2014
(4)Prevention Approaches
The “prevention” of phishing attacks can be confusing, as it
can mean different things depending ...
EVALUATION METRICS
PHISHING DETECTION-A LITERATURE SURVEY
15 2014DEPT.OF COMPUTER SCIENCE
DEPT.OF COMPUTER SCIENCE
DETECTION OF PHISHING ATTACKS
 Passive and Active Warnings
• Passive warnings — the warning does...
FireFox displaying an active warning page
against a suspected unsafe site.
Displaying a passive warning page
against a sus...
 Google Safe Browsing API
 Enables client applications to validate whether a given
URL exists in blacklists that are con...
Algorithm 1 Protocolv2Spec phishing
detection in pseudo- code
1: Hf ← sha256(URL)
2: Ht ← truncate(Hf,32)
3: if Ht ∈ Hl th...
 Visual similarity
 Classification with Discriminative Keypoint Features.
 This mechanism is agnostic to the underlying ...
PHISHING DETECTION-A LITERATURE SURVEY
DEPT.OF COMPUTER SCIENCE 21 2014
EVALUATION
 The study concluded that user training approaches are
promising. Virtually user training approaches increased...
CONCLUSION
 Phishing is a growing crime and one that we must be
aware of. Although laws have been enacted, education is
t...
REFERENCES
[1] Mahmoud Khonji, Youssef Iraqi, Senior Member, IEEE, and Andrew Jones. IEEE
COMMUNICATIONS SURVEYS & TUTORIA...
201425DEPT.OF COMPUTER SCIENCE
PHISHING DETECTION-A LITERATURE SURVEY
PHISHING DETECTION
Upcoming SlideShare
Loading in...5
×

PHISHING DETECTION

1,452
-1

Published on

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,452
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
112
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

PHISHING DETECTION

  1. 1. Department of Computer Science & Engg College of Engineering, Submitted by Umme Ayesha
  2. 2. CONTENT SL.NO TOPICS PAGE NO. 1 INTRODUCTION 1 2 OBJECTIVES 2 3 DEFINITIONS,MOTIVES,IMPORTANCE 3-7 5 MITIGATION OF PHISHING ATTACKS 8-12 6 DETECTION OF PHISHING ATTACKS 13-22 7 EVALUATIONOF PHISHING TECHNIQUES 23 8 CONCLUSION 24 9 REFERENCES 25 DEPT. OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 2014
  3. 3. INTRODUCTION  PHISHING is a social engineering attack that aims at exploiting the weakness found in system processes as caused by system users.  For eg. user leak their passwords if an attacker asked them to update via http link.  Due to the broad nature of the phishing problem, this phishing detection survey was began. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 20141
  4. 4. OBJECTIVES  Definitions  Phishing Campaign  Evaluation Metrics  Detection  Evaluation DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 2 2014
  5. 5. DEFINITIONS  “Phishing is a fraudulent attempt, usually made through email, to steal your personal information”  “We define a phishing page as any web page that, without permission, alleges to act on behalf of a third party with the intention of confusing viewers into performing an action with which the viewer would only trust a true agent of the third party”  Phishing is a type of computer attack that communicates socially engineered messages to humans via electronic communication channels in order to persuade them to perform certain actions for the attacker’s benefit. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 3 2014
  6. 6. PHISHING MOTIVES  The primary motives behind phishing attacks, from an attacker’s perspective, are:  Financial Gain: phishers can use stolen banking creden- tials to their financial benefits.  Identity Hiding: instead of using stolen identities directly, phishers might sell the identities to others whom might be criminals seeking ways to hide their identities and activities  Fame and Notoriety: phishers might attack victims for the sake of peer recognition. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 4 2014
  7. 7. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 5 2014
  8. 8. IMPORTANCE  According to APWG, phishing attacks were in a raise till August, 2009 40,621 unique phishing reports were submitted to APWG.  Drop in campaign due disappearence of Avanlanche gang. (2010-11)  Avalanche gang from traditional phishing campaigns into malware-based phishing campaigns. (raise) PHISHING DETECTION-A LITERATURE SURVEY DEPT.OF COMPUTER SCIENCE 6 2014
  9. 9. PHISHING DETECTION-A LITERATURE SURVEY DEPT.OF COMPUTER SCIENCE 7 2014
  10. 10. MITIGATION OF PHISHING ATTACKS Once the phishing attack is detected, a number of actions could be applied against the campaign. The following categories of approaches exist:  Detection approaches  Offensive Defence Approach  Correction Approach  Prevention Approach DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 8 2014
  11. 11. PHISHING DETECTION-A LITERATURE SURVEY DEPT.OF COMPUTER SCIENCE 20149
  12. 12. (1) Detection Approaches  User Training Approaches - end-users can be educated to better understand the nature of phishing attacks, phishing and non-phishing messages.  Software classification approaches — these mitigation approaches aim at classifying phishing and legitimate messages on behalf of the user in an attempt to bridge the gap that is left due to the human error or ignorance. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 201410
  13. 13. (2) Offensive Defence Approach  Offensive defence solutions aim to render phishing cam- pains useless for the attackers by disrupting the phishing campaigns.  This is often achieved by flooding phishing web- sites with fake credentials so that the attacker would have a difficult time to find the real credentials.  Example, BogusBiter : A browser toolbar that submits fake information in HTML forms whenever a phishing website is encountered. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 201411
  14. 14. (3)Correction Approach Correction is the act of taking the phishing resources down. This is often achieved by reporting attacks to Service Providers. Phishing campaigns often rely on resources, such as:  Websites  E-mail messages  Social Networking services In order to correct such attempts • Removal of phishing content from websites, or suspension of hosting services. • Suspension of email accounts, SMTP relays, VoIP ser vices. • Trace back and shutdown of botnets. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 201412
  15. 15. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 13 2014
  16. 16. (4)Prevention Approaches The “prevention” of phishing attacks can be confusing, as it can mean different things depending on its context:  Prevention of users from falling victim — in this case, phishing techniques will also be considered prevention techniques.  Prevention of attackers from starting phishing campaigns — law suits and penalties against attackers by Law Enforcement Agencies (LEAs) are considered as prevention techniques. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 201414
  17. 17. EVALUATION METRICS PHISHING DETECTION-A LITERATURE SURVEY 15 2014DEPT.OF COMPUTER SCIENCE
  18. 18. DEPT.OF COMPUTER SCIENCE DETECTION OF PHISHING ATTACKS  Passive and Active Warnings • Passive warnings — the warning does not block the content-area and enables the user to view both the content and the warning. • Active warnings — the warning blocks the content- data, which prohibits the user from viewing the content- data while the warning is displayed PHISHING DETECTION-A LITERATURE SURVEY 201416
  19. 19. FireFox displaying an active warning page against a suspected unsafe site. Displaying a passive warning page against a suspected unsafe site. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 201417
  20. 20.  Google Safe Browsing API  Enables client applications to validate whether a given URL exists in blacklists that are constantly updated by Google.  The current implementation of the protocol is provided by Google.  The API requires client applications to communicate with providers through HTTP while adhering to syntax specified in Protocolv2Spec. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 201418
  21. 21. Algorithm 1 Protocolv2Spec phishing detection in pseudo- code 1: Hf ← sha256(URL) 2: Ht ← truncate(Hf,32) 3: if Ht ∈ Hl then 4: for Hr ← queryProvider(Ht) do 5: if Hf = Hr then 6: warnPhishing(URL) 7: end if 8: end for 9: end if DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 201419
  22. 22.  Visual similarity  Classification with Discriminative Keypoint Features.  This mechanism is agnostic to the underlying code or technology that renders the final visual output to the users eyes.  Mimics a website using img tag.  Snapshot is then matched with whitelist. PHISHING DETECTION-A LITERATURE SURVEY DEPT.OF COMPUTER SCIENCE 20 2014
  23. 23. PHISHING DETECTION-A LITERATURE SURVEY DEPT.OF COMPUTER SCIENCE 21 2014
  24. 24. EVALUATION  The study concluded that user training approaches are promising. Virtually user training approaches increased TP rate.  Blacklists are able to achieve low FP rates. Ineffective against zero- hour attacks.  The effectiveness of visual similarity techniques might not be accurately known, but rather assumed. DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY 201422
  25. 25. CONCLUSION  Phishing is a growing crime and one that we must be aware of. Although laws have been enacted, education is the best defence against phishing. Being a bit suspicious of all electronic communications and websites is recommmended. Lookout for the common characteristics - sense of urgency, request for verification, and grammer and spelling errors. Also, get in the habit of comparing the provided URL with the an independent search for the company's website. PHISHING DETECTION-A LITERATURE SURVEY 23 2014DEPT.OF COMPUTER SCIENCE
  26. 26. REFERENCES [1] Mahmoud Khonji, Youssef Iraqi, Senior Member, IEEE, and Andrew Jones. IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 15, NO. 4, FOURTH QUARTER 2013 [2] B. Krebs, “HBGary Federal hacked by Anonymous,” http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/, 2011, accessed December 2011. [3] B. Schneier, “Lockheed Martin hack linked to RSA’s SecurID breach,” http://www.schneier.com/blog/archives/2011/05/lockheed martin.html, 2011, accessed December 2011. [4] C. Whittaker, B. Ryner, and M. Nazif, “Large-scale automatic classifi- cation of phishing pages,” in NDSS ’10, 2010. [5] Anti-Phishing Working Group (APWG), “Phish- ing activity trends report — second half 2010,” http://apwg.org/reports/apwg report h2 2010.pdf, 2010, accessed December 2011. [6] Anti-Phishing Working Group (APWG), “Phish- ing activity trends report — second half 2011,” http://apwg.org/reports/apwg trends report h2 2011.pdf, 2011, accessed July 2012 24 2014DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY
  27. 27. 201425DEPT.OF COMPUTER SCIENCE PHISHING DETECTION-A LITERATURE SURVEY
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×