| Information & Knowledge Technologies Business Unit |
| Distributed Systems Technology Group Papers |
|
|
|
|
Citation: submitted to ICFAI University Press to be included in an upcoming book on Indentity Theft http://www.icfaiuniversitypress.org/Books/books.asp
Formats: PDF
Abstract This paper describes an innovative approach toward defending against phishing attacks by using HTTPS proxying and attribute-based checks. After a short overview of phishing, we describe the functional architecture of the PhishBouncer HTTPS proxy together with various deployment options. We then explain a number of anti-phishing algorithms implemented as plugins and highlight which attributes of phishing sites they consider. Next, we describe in detail how the proxy intercepts SSL traffic for HTTPS proxying. To assess the effectiveness and applicability of this prototype, we performed extensive experimental testing. We present a fully automated crawling framework that we developed for testing, along with the main experimental results.
KEYWORDS: Phishing, Cyber Security, QoS, Adaptive Defense
