Gaurav Varshney
ABSTRACT
Phishing is a fraudulent technique used by attackers known as phishers for obtaining credentials (username and passwords) of a specific or group of users on internet. Phishing came into focus in 1996, and from then it is emerging out as one of the biggest cybercrime attacks on internet. The solutions for handling phishing attacks include: detecting the activity and filtering it from normal activity (Phished Email and Website detection), preventing it by the use of excellent user interfaces and login authentication schemes and user training so that users can prevent themselves from being falling into it. Researchers have focused on all the three techniques for solving phishing attacks. However the previous techniques handle the problem of phishing to an extent but are incomplete, and complex to implement or use in actuality. The research work in this paper will be focused on the critical review of previous schemes proposed, with a novel scheme for preventing phishing attacks with the use of four characters secret information display during login authentication. The novelty of the scheme lies in its low complexity, better user understandability and real time implementation ability. This paper also describes the analyzed results of a real time experiment done to evaluate the scheme. Our results show great improvement with a total of only 13.5%, 1% and 3% user's phished in rigorous phishing attempts, of various kinds for a period of one month.
- Varshney, G., Joshi, R. C. Sardana, A. 2011. Unified Modeling Technique for Threat Cause Ranking, Mitigation and Testing. In proceedings of the fourth International Conference on Contemporary Computing, IC3-2011, Communications in Computer and Information Science, 2011, Volume 168, part 3, pp. 491--500.Google Scholar
- Pandove, K., 2010. Email Spoofing. International Journal of Computer Applications, Volume 5-No. 1.Google ScholarCross Ref
- Christine E. D., Jonathan, J. O., and Eugene J. K. Anatomy of a Phishing Email. Mail frontier, Inc., Palo Alto, CA, USA.Google Scholar
- APWG Anti Phishing Working Group. http://www.antiphishing.orgGoogle Scholar
- Sheng, S., Wardman, B., Warner, G., Carnor, L. F., Hong, J., and Zhang, C., 2009. "An empirical analysis of phishing blacklists".Google Scholar
- Toolan, F., Carthy, J., Feature Selection for Spam and Phishing Detection. 2010. In Proceedings of eCrime Researchers Summit (eCrime).Google Scholar
- Fette, I., Sadeh, N., Tomasic, A. 2007. Learning to detect phishing emails. In Proceedings of the 16th international conference on World Wide Web, May 08--12, 2007, Banff, Alberta, Canada. Google ScholarDigital Library
- Chandrashekharan, M., Narayan, K., and Upadhyaya, S. 2006. Phishing email detection based on structural properties. In Proceedings of the NYS Cyber Security Conference.Google Scholar
- Adida, B., et. al. 2005. Fighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails. In Proceedings of the DIMACS Workshop on Theft in E-Commerce.Google Scholar
- Zhang, Y. et. al. 2007. Catina: A Content-Based Approach to Detecting Phishing Web Sites. In Proceedings of the 16th international conference on World Wide Web. NY, USA, 2007. Google ScholarDigital Library
- Sanglerdsinlapachai, N. and Rungsawang, A. Using Domain Top-page Similarity Feature in Machine Learning-based Web Phishing Detection. In Proceedings of 3rd International Conference on Knowledge Discovery and Data Mining, pp. 187--190. Google ScholarDigital Library
- DKIM.org, http://www.dkim.org.Google Scholar
- Singh, A. P., et. al. 2011. Detection and Prevention of Phishing Attack Using Dynamic Watermarking. Information Technology and Mobile Communication, Communications in Computer and Information Science. Volume 147, Part 1, 132--137.Google ScholarCross Ref
- Liou, J. C. et. al. 2011. A Sophisticated RFID Application on Multi-Factor Authentication. In Proceedings of the Eighth International Conference, Information Technology: New Generations (ITNG). Las Vegas, pp. 180--185, 2011. Google ScholarDigital Library
- Parno, B. et. al. 2006. Phoolproof Phishing Prevention. Financial Cryptography and Data Security, Lecture Notes in Computer Science. Vol. 4107/2006, pp. 1--19. Google ScholarDigital Library
- Fraser, N., The usability of picture password. Unpublished.Google Scholar
- Dhamija, R. Tygar, J. D. 2005. The Battle Against Phishing: Dynamic Security Skins. In Proceedings of the 2005 symposium on Usable privacy and security, SOUPS '05, 2005. Google ScholarDigital Library
- Ross, B. 2005. Stronger Password Authentication Using Browser Extensions. In Proceedings of the Security '05 Technical Program. Google ScholarDigital Library
- Hiltgen, A. et. al. 2006. Secure Internet banking authentication. Security & Privacy, IEEE, Volume 4, No. 2, pp. 21--29. Google ScholarDigital Library
- Kyeongwon, C. et. al. 2011. A mobile based antiphishing authentication scheme using QR code. In Proceedings of Mobile IT Convergence (ICMIC) pp. 109--113.Google Scholar
- Kumaraguru, P. et. al. 2007. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. In proceedings of the SIGCHI conference on Human factors in computing systems, New York, USA. Google ScholarDigital Library
- Florencio, D. and Herley, C. 2006. Password Rescue: A New Approach to Phishing Prevention. In Proceedings of the 1st USENIX Workshop on Hot Topics in Security, HOTSEC'06. Google ScholarDigital Library
- Secret information display based authentication technique towards preventing phishing attacks
Recommendations
Mitigating Phishing Attacks: An Overview
ACM SE '19: Proceedings of the 2019 ACM Southeast ConferenceSocial engineering is the process of getting a person to provide a service or complete a task that may give away private or confidential information. Phishing is the most common type of social engineering. In phishing, an attacker poses as a trustworthy ...
Fighting against phishing attacks: state of the art and future challenges
In the last few years, phishing scams have rapidly grown posing huge threat to global Internet security. Today, phishing attack is one of the most common and serious threats over Internet where cyber attackers try to steal user's personal or financial ...
Parsing operations based approach towards phishing attacks
ICDEM'10: Proceedings of the Second international conference on Data Engineering and ManagementCurrently, web attacks are so popular attacks under cyber crime category. Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this category. Security against these attacks is the major issue of internet security.
This ...
Comments