Phishwish: A Stateless Phishing Filter Using Minimal Rules

Cook, Debra L.; Gurbani, Vijay K.; Daniluk, Michael

doi:10.1007/978-3-540-85230-8_15

Debra L. Cook¹,
Vijay K. Gurbani² &
Michael Daniluk³

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5143))

Included in the following conference series:

International Conference on Financial Cryptography and Data Security

1211 Accesses
14 Citations

Abstract

We introduce phishwish, a phishing filter that offers advantages over existing filters: It does not need any training and does not consult centralized white or black lists. Furthermore, it is simple to configure, requiring only 11 rules to determine the veracity of an incoming email. We compare the performance of phishwish to SpamAssassin and to Google’s browser-based phishing filter. Our results indicate that phishwish outperforms these filters and identifies zero days attacks that went undetected by existing filters.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Dhamija, R., Tygar, J.D., Hearst, M.: Why Phishing Works. In: Proceedings of the ACM Computer/Human Interaction (CHI 2006), pp. 581–590 (2006)
Google Scholar
Wu, M., Miller, R.C., Garfinkel, S.: Do Security Toolbars Actually Prevent Phishing Attacks? In: Proceedings of the ACM Computer/Human Interaction (CHI), pp. 601–610. ACM, New York (2006)
Google Scholar
Zhang, Y., Egelman, S., Cranor, L., Hong, J.: Phinding Phish: Evaluating Anti-Phishing Tools. In: Proceedings of NDSS (2007)
Google Scholar
Zhang, Y., Hong, J., Cranor, L.: CANTINA: A Content-Based Approach to Detecting Phishing Web Sites. In: Proceedings of WWW, pp. 639–648 (2007)
Google Scholar
Wu, M., Miller, R.C., Little, G.: Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. In: Proceedings of SOUPS, pp. 102–113 (2006)
Google Scholar
Mori, G., Malik, J.: Recognizing Objects in Adverserial Clutter: Breaking a Visual CAPTCHA. In: Proceedings of CVPR, pp. 1–8 (2003)
Google Scholar
von Ahn, L., Blum, M., Langford, J.: Telling Humans and Computers Apart Automatically. Comm. of the ACM 47(2), 57–60 (2004)
Article Google Scholar

Download references

Author information

Authors and Affiliations

No Affiliations,
Debra L. Cook
Alcatel-Lucent, Bell Labs, ,
Vijay K. Gurbani
Polytechnic University,
Michael Daniluk

Authors

Debra L. Cook
View author publications
You can also search for this author in PubMed Google Scholar
Vijay K. Gurbani
View author publications
You can also search for this author in PubMed Google Scholar
Michael Daniluk
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Gene Tsudik

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Cook, D.L., Gurbani, V.K., Daniluk, M. (2008). Phishwish: A Stateless Phishing Filter Using Minimal Rules. In: Tsudik, G. (eds) Financial Cryptography and Data Security. FC 2008. Lecture Notes in Computer Science, vol 5143. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85230-8_15

Download citation

DOI: https://doi.org/10.1007/978-3-540-85230-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85229-2
Online ISBN: 978-3-540-85230-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics