http://dx.doi.org/10.13089/JKIISC.2012.22.4.819

Real-time Phishing Site Detection Method  

Sa, Joon-Ho (Korea University, CIST)
Lee, Sang-Jin (Korea University, CIST)
Abstract
Many phishing sites now contain HTTP links to the victim web site's own content, such as images and bulletin boards, to make the phishing site look more real and more similar to the victim web site. We introduce a real-time phishing site detection system that exploits the following characteristic: when a phishing site is visited, its URL flows into the victim web site via the HTTP referer header field. The detection system adopts an out-of-path network configuration to minimize the effect on the running system, and uses a phishing site source code analysis technique to alert administrators in real time when a phishing site is detected. The detection system was installed on the web site of a company that had been targeted for phishing. As a result, the detection system detected 40 phishing sites during a 6-day test period.
Keywords
Phishing; Phishing Site Detection; Traffic Analysis;
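The referer characteristic described in the abstract can be illustrated with a short log filter. This is an added example, not the paper's implementation: the Combined Log Format input, the `bank.example` domain, the restriction to static resources, and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# Assumption: only hot-linked static content is of interest, to cut ordinary inbound links.
STATIC_RE = re.compile(r'\.(?:png|jpe?g|gif|css|js|ico)(?:\?|$)', re.I)

def is_own_host(host, own_domains):
    """True if host equals an owned domain or is a subdomain of one.
    Suffix matching on a label boundary rejects look-alikes that merely
    contain the owned name, e.g. bank.example.secure-login.test."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in own_domains)

def suspect_referers(lines, own_domains):
    """Map each external referer URL to the set of our resources it pulled."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not STATIC_RE.search(m["path"]):
            continue
        ref = urlsplit(m["referer"])
        if ref.scheme not in ("http", "https") or not ref.hostname:
            continue  # "-" or empty: direct visit or header stripped
        if is_own_host(ref.hostname, own_domains):
            continue  # normal navigation inside our own site
        hits[f"{ref.scheme}://{ref.hostname}{ref.path}"].add(m["path"])
    return dict(hits)

# Constructed sample log lines (not data from the paper).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2012:10:00:01 +0900] "GET /img/logo.png HTTP/1.1" 200 5120 "https://www.bank.example/login" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2012:10:00:05 +0900] "GET /img/logo.png HTTP/1.1" 200 5120 "http://bank.example.secure-login.test/index.html" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2012:10:00:05 +0900] "GET /css/main.css HTTP/1.1" 200 812 "http://bank.example.secure-login.test/index.html" "Mozilla/5.0"',
    '203.0.113.22 - - [10/Mar/2012:10:00:09 +0900] "GET /img/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2012:10:00:12 +0900] "GET /board/list HTTP/1.1" 200 900 "http://forum.test/thread/1" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for url, paths in suspect_referers(SAMPLE, {"bank.example"}).items():
        print(url, sorted(paths))
```

Each URL returned is only a candidate; the abstract's second stage, source code analysis of the referring page, is what confirms a phishing site before an alert is raised.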