
PhishLive: A View of Phishing and Malware Attacks from an Edge Router

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 7799)

Abstract

Malicious website attacks, including phishing, malware, and drive-by downloads, have become a huge security threat to today's Internet. Various studies have focused on approaches to prevent users from being attacked by malicious websites. However, few studies focus on the prevalence and temporal characteristics of such attack traffic. In this paper, we developed the PhishLive system to study the behavior of malicious website attacks on users and hosts of the campus network of a large university by monitoring HTTP connections for malicious accesses. During our one-month experiment, we analyzed over 1 billion URLs. Our analysis reveals several interesting findings.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cao, L., Probst, T., Kompella, R. (2013). PhishLive: A View of Phishing and Malware Attacks from an Edge Router. In: Roughan, M., Chang, R. (eds) Passive and Active Measurement. PAM 2013. Lecture Notes in Computer Science, vol 7799. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36516-4_24


  • DOI: https://doi.org/10.1007/978-3-642-36516-4_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36515-7

  • Online ISBN: 978-3-642-36516-4

  • eBook Packages: Computer Science, Computer Science (R0)
