GoldPhish: Using images for content-based phishing analysis

5th International Conference on Internet Monitoring and Protection, ICIMP 2010

Volumn , Issue , 2010, Pages 123-128

  Dunlop, Matthew ^a   Groat, Stephen ^a   Shelly, David ^a  

^a VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY   (United States)

Author keywords

Anti phishing; OCR; Toolbar; Zero day

Indexed keywords

ANTI-PHISHING; CONTENT-BASED; GOOGLE PAGERANK; PERSONAL INFORMATION; PHISHING; PHISHING ATTACKS; TOOLBARS;

INFORMATION DISSEMINATION; INTERNET; OPTICAL CHARACTER RECOGNITION;

SECURITY OF DATA;

EID: 77954482431     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICIMP.2010.24     Document Type: Conference Paper

References (23)

1. BitDefender Anti-Phishing. Available at: http://content-down. bitdefender.eom/wi.ndows/desktop/antiphishing/final./en/Bit.Defender- APFE-2009-Userguide-en.pdf accessed on 4 Nov 2009.
2. Y. Cao, W. Han, and Y. Le. Anti-phishing based on automated individual white-list. In DIM '08: Proceedings of the 4th ACM workshop on Digital identity management, pages 51-60, New York, NY, USA, 2008. ACM.
3. R. Dhamija, J. D. Tygar, and M. Hearst. Why phishing works. In CHI '06: Proceedings of the SIGCHI conference on Human Factors in computing systems, pages 581-590, New York, NY, USA, 2006. ACM.
4. S. Garera, N. Pravos, M. Chew, and A. D. Rubin. A framework for detection and measurement of phishing attacks. In WORM '07: Proceedings of the 2007 ACM workshop on Recurring malcode, pages 1-8, New York, NY, USA, 2007. ACM.
5. Google safe browsing v2.2 protocol. Available at: http://www. antiphishing.org/reports/APWG-GlobalPhishingSurvey-1H2009.pdf accessed on 26 Oct 2009, 2009.
6. A. Herzberg and A. Gbara. Security and identification indicators for browsers against spoofing and phishing attacks. Cryptology ePrint Archive, Report. 2004/155, 2004. http://eprint.iacr.org/.
7. B. Kesler, H. Drinan, and N. Fontaine. News briefs. IEEE Security and Privacy. 4(2):8-13, 2006.
8. C. Ludl, S. Mcallister, E. Kirda, and C. Kruegel. On the effectiveness of techniques to detect phishing sites. In DIMVA '07: Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pages 20-39, Berlin, Heidelberg, 2007. Springer-Verlag.
9. T. McCall. Gartner survey shows phishing attacks escalated in 2007; more than $3 billion lost to these attacks. Available at: http://www. gartner.com/it/page.jsp?id=565125, 2007.
10. Microsoft's approach to anti-phishing. Available at: http://www. microsoft.com/mscorp/safety/technologies/antiphishing/vision.Inspx accessed on 26 Oct 2009, 2007.
11. T. Moore and R. Clayton. The impact of incentives on notice and take-down. In Proceedings of the Seventh "Workshop on Economics of Information Security (WEIS 2008), June 2008.
12. L. Page, S. Brin, R. Motwani, and T. Winograd. The PageRank citation ranking: Bringing order to the web. Technical report, Stanford Digital Library Technologies Project, 1998.
13. Y. Pan and X. Ding. Anomaly based web phishing page detection. In ACSAC '06: Proceedings of the 22nd Annual Computer Security Applications Conference, pages 381-392, Washington, DC, USA, 2006. IEEE Computer Society.
14. Phishtank. Available at: http://www.phishtank.com/ accessed on 26 Oct 2009.
15. randomwebsite.com. Available at: http://www.randomwebsite.com/ accessed from 10-28 Oct 2009.
16. J. Postel and J. Reynolds. Domain requirements. RFC 920, Oct. 1984.
17. R. Rasmussen and G. Aaron. Global phishing survey: Trends and domain name use in 1h2009. Available at: http://www.antiphishing.org/reports/APWG- GlobalPhishingSurvey-1H2009.pdf, October 2009.
18. G. Salton and M. J. McGiIl. Introduction to Modern Information Retrieval. McGraw-Hill, Inc., New York, NY, USA, 1986.
19. Web100.com. Available at: http://www.web100.com/web-100 accessed on 5 Nov 2009.
20. M. Wu, R. C. Miller, and S. L. Garfinkel. Do security toolbars actually prevent phishing attacks? In CHI '06: Proceedings of the SIGCHI conference on Human Factors in computing systems, pages 601-610, New York, NY, USA, 2006. ACM.
21. G. Xiang and J. I. Hong. A. hybrid phish detection approach by identity discovery and keywords retrieval. In WWW '09: Proceedings of the 18th international conference on World wide web, pages 571-580, New York, NY, USA, 2009. ACM.
22. Y. Zhang, S. Egelman, L. Cranor, and J. Hong. Phinding Phish: Evaluating anti-phishing tools. In Proceedings of the 14th Annual Network and Distributed System. Security Symposium., Feb. 2007.
23. Y. Zhang, J. I. Hong, and L. F. Cranor. Cantina: a content-based approach to detecting phishing web sites. In WWW '07: Proceedings of the 16th international conference on World Wide Web, pages 639-648, New York, NY, USA, 2007. ACM.