Title :
Anti-Phishing in Offense and Defense
Author :
Yue, Chuan ; Wang, Haining
Author_Institution :
Coll. of William & Mary, Williamsburg, VA
Abstract :
Many anti-phishing mechanisms currently focus on helping users verify whether a Web site is genuine. However, usability studies have demonstrated that prevention-based approaches alone fail to effectively suppress phishing attacks and protect Internet users from revealing their credentials to phishing sites. In this paper, instead of preventing human users from "biting the bait", we propose a new approach to protect against phishing attacks with "bogus bites". We develop BogusBiter, a unique client-side anti-phishing tool, which transparently feeds a relatively large number of bogus credentials into a suspected phishing site. BogusBiter conceals a victim\´s real credential among bogus credentials, and moreover, it enables a legitimate web site to identify stolen credentials in a timely manner. Leveraging the power of client-side automatic phishing detection techniques, BogusBiter is complementary to existing preventive anti-phishing approaches. We implement BogusBiter as an extension to Firefox 2 Web browser, and evaluate its efficacy through real experiments on both phishing and legitimate Web sites.
Keywords :
Web sites; computer crime; online front-ends; unsolicited e-mail; BogusBiter; Firefox 2 Web browser; Internet user protection; Web sites; client-side automatic phishing detection; phishing sites; prevention-based approaches; Application software; Computer security; Computer vision; Educational institutions; Feeds; Humans; Internet; Large-scale systems; Protection; Usability; Anti-Phishing; Credential Theft; Phishing; Security; Usability; Web Browser;
Conference_Titel :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
Print_ISBN :
978-0-7695-3447-3
DOI :
10.1109/ACSAC.2008.32
