Browse > Article
http://dx.doi.org/10.13089/JKIISC.2009.19.1.113

Cognitive Approach to Anti-Phishing and Anti-Pharming  

Kim, Ju-Hyun (Graduate School of IT&T, INHA University)
Maeng, Young-Jae (Graduate School of IT&T, INHA University)
Nyang, Dae-Hun (Graduate School of IT&T, INHA University)
Lee, Kyung-Hee (The University of Suwon)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.19, no.1, 2009 , pp. 113-124 More about this Journal
Abstract
Recently, lots of anti-phishing schemes have been developed. Several products identify phishing sites and show the results on the address bar of the internet browser, but they determine only by domain names or IP addresses. Although this kind of method is effective against recent DNS pharming attacks, there is still a possibility that hidden attacks which modifies HTML codes could incapacitate those anti-phishing programs. In this paper, the cognitive approach which compares images to decide phishing or pharming is presented, using system tray and balloon tips that are hard to fake with pop-ups or flash in order for users to compare pictures from connecting sites and system tray. It differs from an old method that a program analyzes IP or domains to judge if it is phishing or pharming, but observes if there were HTML code changing between plug-ins and a server.
Keywords
Phishing; Pharming; Hidden Attack; Graphical substitution;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Phishing Activity Trends, http://www. antiphishing.org/reports/apwg_report_may_ 2007.pdf
2 P.P. Swire, "Report from the National Consumers League Anti-Phishing Retreat," National Consumers Leage, Mar. 2006
3 L. Fette, "earning to Detect Phishing Emails," Proceedings of the 16th International conference on World Wide Web, pp. 649-656, May 2007
4 spoofstick, http://spoofstick.com
5 Netcraft Toolbar, http://toolbar.net craft.com
6 TrustBar, http://www.cs.biu.ac.il/~herzbea/TrustBar/
7 G. Ollmann, The Phishing Guide, NGS Software Ltd., Sep. 2004
8 C. Karlof, "Dynamic pharming attacks and locked same-origin pol icies for web browsers," Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 58-71, Oct. 2007
9 G. Tally and R. Thomas, "Anti-Phishing: Best Practices for Institutions and Consumers," Anti-Phishng Working Group, pp. 8-20, Nov. 2004
10 R. Dhamija, "Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks," Human Interactiv e Proofs, LNCS 3517, pp. 131-139, 2005   DOI   ScienceOn
11 M. Wu, "Do Security Toolbars Actually Prevent Phishing Attack?," SIGCHI conference on Human Factors in computing systems, pp. 601-610, Apr. 2006   DOI
12 Hidden Frame & Graphical Substitutio n, http://www.contentverification.com/ attacks.html
13 NoPhishing, http://www.softrun.com
14 D. allan, "Identity Theft, Phishing and Pharming: Accountability & esponsibilities," OWASP AppSec, pp. 23-27, Oct. 2005
15 P. Kumaraguru, "Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System," SIGCHI conference on Human factors in computing systems, pp. 905-914, May 2007   DOI
16 J. Stewart, "DNS Cache Poisoning - The Next Generation," LURHQ, pp. 1-13, Jan. 2003
17 McAfee Siteadviser, http://www.siteadviser.com
18 Y. Zhang, S. Egelman, L. Cranor, and J. Hong, "Phinding Phish: Evaluating Anti-Phishing Tools," Proceedings of the 14th Annual Network and Distributed System Security Symposium, Mar. 2007
19 ClientPhishingPro, http://www.softforum.co.kr
20 NetTrust, http://www.ljean.com/NetTrust/
21 G. Ollmann, Security Best Practice: Host Naming and URL Conventions, NGS Software Ltd, pp. 5-6, Jan. 2005
22 eBay's Account guard, http://pages.ebay.com/help/confidence/account-guard.html