Title :
High-performance content-based phishing attack detection
Author :
Wardman, Brad ; Stallings, Tommy ; Warner, Gary ; Skjellum, Anthony
Author_Institution :
Comput. Forensics & Res. Lab., Univ. of Alabama at Birmingham, Birmingham, AL, USA
Abstract :
Phishers continue to alter the source code of the web pages used in their attacks to mimic changes to legitimate websites of spoofed organizations and to avoid detection by phishing countermeasures. Manipulations can be as subtle as source code changes or as apparent as adding or removing significant content. To appropriately respond to these changes to phishing campaigns, a cadre of file matching algorithms is implemented to detect phishing websites based on their content, employing a custom data set consisting of 17,992 phishing attacks targeting 159 different brands. The results of the experiments using a variety of different content-based approaches demonstrate that some can achieve a detection rate of greater than 90% while maintaining a low false positive rate.
Keywords :
Web sites; computer crime; Web pages; Web sites; file matching algorithm; high-performance content-based phishing attack detection; phishing countermeasures; source code; spoofed organizations; Fingerprint recognition; Indexes; Zinc; Content-based approaches; Countermeasures; Cybercrime; Phishing;
Conference_Titel :
eCrime Researchers Summit (eCrime), 2011
Conference_Location :
San Diego, CA
Print_ISBN :
978-1-4577-1340-8
Electronic_ISBN :
2159-1237
DOI :
10.1109/eCrime.2011.6151977
