
Method for Evaluating the Security Risk of a Website Against Phishing Attacks

  • Conference paper
Intelligence and Security Informatics (ISI 2008)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5075)


Abstract

As Internet technologies evolve, phishing and pharming attacks occur frequently and continue to diversify. To protect Internet users against the economic loss and privacy violations caused by phishing attacks, several approaches, such as website authentication and email authentication, have been studied. Although most of them use a website black-list (WBL) or a website white-list (WWL), these have several weak points, such as the validity of the WBL DB (database) and the short life-cycle of phishing websites. That is, it is impossible to discriminate between legitimate and forged websites until the phishing attacks are detected and recorded in the WBL DB. Furthermore, the existing WBL and WWL approaches can hardly counter the new generation of sophisticated malware pharming attacks. In this paper, to overcome the limitations of the WBL and WWL approaches, a new approach based on the WWL approach is proposed. It quantitatively estimates the security risk of a website, that is, a security risk degree representing phishing websites.




© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, YG., Cho, S., Lee, JS., Lee, MS., Kim, I.H., Kim, S.H. (2008). Method for Evaluating the Security Risk of a Website Against Phishing Attacks. In: Yang, C.C., et al. Intelligence and Security Informatics. ISI 2008. Lecture Notes in Computer Science, vol 5075. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69304-8_3


  • DOI: https://doi.org/10.1007/978-3-540-69304-8_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69136-5

  • Online ISBN: 978-3-540-69304-8

  • eBook Packages: Computer Science, Computer Science (R0)
