Skip to main content
SpringerLink
Log in

Defending the weakest link: phishing websites detection by analysing user behaviours

  • Published:
Telecommunication Systems Aims and scope Submit manuscript

Abstract

Phishing detection systems are principally based on the analysis of data moving from phishers to victims. In this paper we describe a novel approach for detecting phishing websites based on analysis of users’ online behaviours—i.e., the websites users have visited, and the data users have submitted to those websites. Such user behaviours can not be manipulated freely by attackers; detection based on those data can achieve high accuracy whilst being fundamentally resilient against changing deception methods.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abad, C. (2005). The economy of phishing: a survey of the operations of the phishing market. First Monday, 10(9).

  2. Albrecht, K., Burri, N., & Wattenhofer, R. (2005). Spamato—an extendable spam filter system. In 2nd Conference on email and anti-spam (CEAS), Stanford University, Palo Alto, California, USA, July 2005.

  3. Behera, P., & Agarwal, N. (2006). A confidence model for web browsing. In Toward a more secure web—W3C workshop on transparency and usability of web authentication, 2006.

  4. Chandrasekaran, M., Chinchain, R., & Upadhyaya, S. (2006). Mimicking user response to prevent phishing attacks. In IEEE international symposium on a world of wireless, mobile, and multimedia networks, 2006.

  5. Chou, N., Ledesma, R., Teraguchi, Y., Boneh, D., & Mitchell, J. C. (2004). Client-side defence against web-based identity theft. In NDSS ’04: proceedings of the 11th annual network and distributed system security symposium, February 2004.

  6. Dhamija, R., Tygar, D., & Hearst, M. (2006). Why phishing works. In CHI ’06: proceedings of the SIGCHI conference on human factors in computing systems, ACM Special Interest Group on Computer-Human Interaction 2006 (pp. 581–590).

  7. Fette, I., Sadeh, N., & Tomasic, A. (2007). Learning to detect phishing emails. In WWW ’07: proceedings of the 16th international conference on world wide web, New York, NY, USA, 2007 (pp. 649–656). New York: ACM Press.

    Chapter  Google Scholar 

  8. Florencio, D., & Herley, C. (2007). A large-scale study of web password habits. In WWW ’07: proceedings of the 16th international conference on world wide web, New York, NY, USA, 2007 (pp. 657–666). New York: ACM Press.

    Chapter  Google Scholar 

  9. Franco, R. (2005). Better website identification and extended validation certificates in ie7 and other browsers. In IEBlog, November 2005.

  10. Goodger, B., Hickson, I., Hyatt, D., & Waterson, C. (2001). Xml user interface language (xul) 1.0 (Technical report). Mozilla Org.

  11. Hartman, S. (2007). Ietf-draft: requirements for web authentication resistant to phishing (Technical report). MIT.

  12. Hhrmann, B., Htgaret, P. L., & Pixley, T. (2007). Document object model events (Technical report). W3C.

  13. Jagatic, T., Johnson, N., Jakobsson, M., & Menczer, F. (2007). Social phishing. ACM Communication, October.

  14. Jakobsson, M. (2005). Modeling and preventing phishing attacks. In Phishing panel in financial cryptography ’05, 2005.

  15. Jakobsson, M. (2007). Human factors in phishing. In Privacy & security of consumer information ’07, 2007.

  16. Jakobsson, M., Tsow, A., Shah, A., Blevis, E., & Lim, Y.-K. (2007). What instills trust? A qualitative study of phishing. In Extended abstract, USEC ’07, 2007.

  17. Johnston, P. A. (2009). http://pajhome.org.uk/crypt/index.html.

  18. Litan, A. (2006). Toolkit: E-commerce loses big because of security concerns (Technical report). Garnter Research.

  19. McCall, T. (2007). Gartner survey shows phishing attacks escalated in 2007; more than $3 billion lost to these attacks (Technical report). Gartner Research.

  20. Microsoft (2005). Anti-phishing white paper (Technical report). Microsoft.

  21. MillerSmiles (2009). Official website. http://www.millersmiles.co.uk.

  22. Moore, T., & Clayton, R. (2007). Examining the impact of website take-down on phishing. In eCrime ’07: proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit, New York, NY, USA, 2007 (pp. 1–13). New York: ACM Press.

    Chapter  Google Scholar 

  23. Mozilla (2007). Phishing protection. http://www.mozilla.com/en-US/firefox/phishing-protection/.

  24. Netcraft (2007). http://toolbar.netcraft.com/.

  25. Ollmann, G. (2005). The pharming guide (Technical report). Next Generation Security Software Ltd.

  26. Ollmann, G. (2009). The phishing guide (Technical report). NGSS.

  27. Pan, Y., & Ding, X. (2006). Anomaly based web phishing page detection. Acsac, 0, 381–392.

    Google Scholar 

  28. Phishtank (2007). http://www.phishtank.com/.

  29. Schechter, S., Dhamija, R., Ozment, A., & Fischer, I. (2007). The emperor’s new security indicators: an evaluation of website authentication and the effect of role playing on usability studies. In 2007 IEEE symposium on security and privacy, 2007.

  30. Security, R. (2007). Enhancing one-time passwords for protection against real-time phishing attacks (Technical report). RSA.

  31. Staikos, G. (2005). Web browser developers work together on security. Web, November.

  32. van Kesteren, A. (2006). The xmlhttprequest object (Technical report). W3C.

  33. W3C. (2006). Web security context—working group charter. Web.

  34. Watson, D., Holz, T., & Mueller, S. (2005). Know your enemy: phishing (Technical report). The Honeynet Project & Research Alliance.

  35. Wu, M., Miller, R. C., & Garfinkel, S. L. (2006). Do security toolbars actually prevent phishing attacks? In CHI ’06: proceedings of the SIGCHI conference on human factors in computing systems, New York, NY, USA, 2006 (pp. 601–610). New York: ACM Press.

    Chapter  Google Scholar 

  36. Wu, M., Miller, R. C., & Little, G. (2006). Web wallet: preventing phishing attacks by revealing user intentions 2006 (pp. 102–113).

  37. Zhang, Y., Hong, J. I., & Cranor, L. F. (2007). Cantina: a content-based approach to detecting phishing web sites. In WWW ’07: proceedings of the 16th international conference on world wide web, New York, NY, USA, 2007 (pp. 639–648). New York: ACM Press.

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of York, York, UK

    Xun Dong, John A. Clark & Jeremy L. Jacob

Authors
  1. Xun Dong
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. John A. Clark
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jeremy L. Jacob
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xun Dong.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Dong, X., Clark, J.A. & Jacob, J.L. Defending the weakest link: phishing websites detection by analysing user behaviours. Telecommun Syst 45, 215–226 (2010). https://doi.org/10.1007/s11235-009-9247-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11235-009-9247-9

Keywords

Search

Navigation