Detecting Phishing Web Sites by a Content-Based Approach CANTINA

Balasubramanian D*, Boopathy R.**, Jeyabalaraja V***, Thirumal S****
*Senior Lecturer Dept of MSc (IT),Velammal Engg College ,Chennai,Tamilnadu
**Senior Lecturer Dept of MCA,Velammal Engg College ,Chennai,Tamilnadu
***PROFESSOR, Dept of MCA,Velammal Engg College ,Chennai,Tamilnadu
****Senior Lecturer Dept of MCA,Velammal Engg College ,Chennai,Tamilnadu
Periodicity:January - March'2008
DOI : https://doi.org/10.26634/jse.2.3.515

Abstract

Cantina is a content-based approach for detecting phishing web sites, based on the TF-IDF information retrieval algorithm. Phishing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. In this paper discusses about the design and evaluation of several heuristics developed to reduce false positives. The experiments show that CANTINA is good at detecting phishing sites, correctly labeling approximately 95% of phishing sites using CANTINA.

Keywords

How to Cite this Article?

Balasubramanian D, Boopathy R, Jeyabalaraja V and Thirumal S (2008). Detecting Phishing Web Sites by a Content-Based Approach CANTINA. i-manager’s Journal on Software Engineering, 2(3), 6-21. https://doi.org/10.26634/jse.2.3.515

References

[ I ]. 3Sharp, 3Sharp Study finds Internet Explorer 7 Edges Out Netcraft As Most Accurate for Anti-Phishing Protection.2006.http:.//www~3sharp.com/projects/antiphi shing/. .
[2]. Anti-Phishing Working Group, Phishing Activity Trends Report. 2006. Http://www.ontiphishing.org/ reports/ opwg_report_june_06.pdf
[3]. Anti-Phishing Working Group (APWG), Visited: Nov 20, 2006~ Http://www,ontiphishing.org/ .
[4]. Chou, N. , R. Ledesmo, Y. Teroguchi, D~ Boneh, ond J.C. Mitchell, Client-Side Defense ogoinst Web-8osed Identity Theft. In Proceedings of The Ilth Annual Network and Distributed System Security Symposium (NDSS '04). Http://crypto.stonford.edu/SpoofGuord/webspoof.pdf
[ 5 ] . Cloudm or k Inc . Visit e d : Nov 2 0 , 2 00 6 . Http://www,cloudmork,com/desktop/downlood/ , .
[6]. Cronor, L., S. Egelmon, J. Hong, ond Y. Zhong, Phinding Phish: Evoluoting Anti-Phishing Tools. In Proceedings of The l4th Annual Networkand Distributed System Security Symposium (NDSS '07). Februory 28- Morch 2, 2007
7]. Doo, T., Term frequency-Inverse document frequency implementotion in C # , The Code Project - C # Progromming. Visited: Nov 20, 2006 . Http://www,codeproject.com/cshorp/tfidf.osp.
[8]. Dhomijo, R. ond J.D. Tygor, The bottle ogoinst phishing: Dynomic Security Skins, In Proceedings of the First Symposium on Usable Privacy and Security (SOUPS 2005). pp. 77-88 2005, , .
[9]. Dhomijo, R., J.D. Tygor, ond M. Heorst, Why Phishing Works. In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI2OO6), pp. 58 I -590, April 2006
[I 0]. Downs, J.S. , M.B. Holbrook, ond L.F. Cronor, Decision strotegies ond susceptibility to phishing, In Proceedings of the Second Symposium on Usable Privacy and Securify(SOUPS2OO6). pp. 79-90 2006
[I I ]. e8oylnc., Spoof Emoil TutorioL Visited: Nov 20, 2006 . http:// poges,eboy.com/educotion/spooftutoriol/ .
[I 2]. e8oy Inc., Using e8oy Toolbor's Account Guord. Visited:Nov 20, 2006. http://poges.eboy~com/help/ confidence/occount-guord.htmL
[I 3]. FederolTrode Commission, An E-Cord forYou gome. Visited: Nov 20, 2006 . http://www.ftc.gov/ bcp/conline/ ecords/ phishing/ index.htmL
[14]. Federol Trode Commission, Federol Trode Commission. Phishing Alerts. Visited: Nov 20, 2006. Htf p:/ /www. f tc , gov/ bcp/ conline/ pubs/ olert s/ phishingolrt,htm~
[ I 5]. Ferguson, A.J. , Fostering E-MOiI Security Aworeness: The West Point Corronode, EDUCASE Quarterly,2005. Http://www.educouse~edu/ir/librory / pdf/eqmO5 I 7.pdf.
[ I 6]. Fette, 1., N. Sodeh, ond A. Tomosic. Looming to Detect Phishing Emoils. ISRI Technicol Report. CMU-ISRI- 06- I I 2,2006. htfp://reports- orchive.odm.cs.cmu~edu/ onon/isri2OO6/ obstrocts/06-1 I 2.html,
[ I 7]. Gobber, E. , RB. Gibbons, Y. Monos, ond A.J. Moyer. How to moke personolized web browsing simple, secure, ond ononymous, In Proceedings of Financial Cryptography. pp.1732 1997.
[ I 8]. GeoTrust Inc., TrustWotch Toolbor. Visited: Nov 20, 2006. http://toolbor.trustwotch.com/tour/v3ie/toolbor- v3ie-tour- overview~html. .
[ I 9] .Google Inc., Google Sofe 8rowsing for Firefox. Visited: Nov 20, 2006~ Http://www.google,com/tools/ firefox/sofebrowsing/
[20]. Holdermon, J.A., B. Woters, ond E.W Felten, A Convenient Method for Securely Monoging Posswords. In Proceedings of l4th International World Wide Web Conference, 2005.
[2 I]. Herzberg, A. ond A. Gboro, Trust8or: Protecting [even Noive) Web Users from Spoofing ond Phishing Attocks.2004, Cryptology ePrint Archive: Report 2004/ I 55 . Http:// www,cs. biu. oc. iI/ ~herzbeo/ Popers/ ecommerce/spoofing,htm,
[22]. Jockson, J.W., A.J. Ferguson, ond M.J. Cobb, 8uilding o University-wide Automoted Informotion Assuronce Aworeness Exercise: The West Point Corronode. In Proceedings of 35th ASEE/IEEE Frontiers in Education Conference 2005. Http://fie.engrng.pitt.edu/fie2OO5/ popers/I 694.pdf.
[23]. Jogotic, T., N. Johnson, M. Jokobsson, ond F. Menczer, socio! Phishing, 2006, http://www.indiono.edu/ ~phishing/sociol-network-experiment/phishing- preprint.pdf.
[24] .Keizer, G., Phishing Costs Nearly $1 Billion, TechWeb Technoiogy News . Visited: Nov 20, 2006 . Http://www,techweb.com/wire/securityf I 64902671,
[25]. Kumoroguru, R, Y.W. Rhee, A. Acquisti, L. Cronor, and J. Hong Protecting People from Phishing: The Design and Evaluation of an EmbeddedTraining Email System, In Proceedings of CH\2007 .
[26]. Mali Frontier, Phishing IQ. Visited: Nov 20, 2006. Http://survey,mailfrontier.com/survey/quiztest.html.
[27]. McMillan, R., Gortner: Consumers to lose $2.8 billion t o p hish ers in 2 00 6 , N et wor kWor I d , 200 6 . htt p://www~networkworld. com/news/ 2006/1 10906 - gartner- consumers-to-lose-28b~html.
[28]. Microsoft, Consumer Awareness Page on Phishing. Visited: Nov 20, 2006, Http://www,microsoft.com/ athome/securityf emoil/phishing.mspx.
[29]. Netcraft, Netcraft Anti-Phishing Toolbar~ Visited: Nov 20,2006. Http://toolbor~netcroft.com/,
[30]. New York State Office of Cyber Security & Critical Infrastructure Coordination. 2005. Gone Phishing~ . . A Briefing on the Anti-Phishing Exercise Initiotfve for New York State Government. Aggregate Exercise Results for public release.
[31]. Ponohy, A., Googie Parser, The Code Project - C# Programming . Visited: Nov 20, 2006 . htfp://www.codeproject,com/ csharp/googleporser.asp
[32]. Phelps, T.A. and R. Wilensky, Robust Hyper|inks and Locations, D -Lib Magazine, vol . 6( 7/8), 2000 . Http://www,dlib.org/dlib/julyOO/wilensky/O7wilensky html
[ 3 3 ] . PhishTank, Visited: Nov 20, 2006 . http://www.phishtank.com/ .
[34]. PhishTank, Statistics about Phishing Activity and PhishTank Usage. Visited: Nov 20, 2006 . Http://www.phishtank.com/stats/2006/I O/
[35]. Salton, G. and M.J. McGill, Introduction to Modern\nformation Retrieva\. New York, NY: McGraw-Hill, 1986
[36]. Stanford Applied Crypto Group, PwdHash~ Visited: Nov 20,2006, Http://crypto.stanford.edu/PwdHOsh
[37]. WU, M., R. Miller, and 5. Gorfinkel, Do Security Too|bars Actually Prevent Phishing Attacks? in Proceedings of ACM Conference on Human Factors in Computing Systems (CH\2006}, CH\ Letters 8(1}. Quebec, Canada: ACM Press, pp, 601-6 I O, April 2006,
[38]. Wu, M., R.C. Miller, and G. Little, Web Wallet: Preventing Phishing Attacks by Revealing User Intentions~ In Proceedings of The Second Symposium on Usable Privacy and Security(SOUPS 2006}. pp. 102-113 2006 .
[39]. Ye, Z., 5. Smith, ond D. Anthony, Trusted poths for browsers. ACM Transactions on Information and System Securify 2005. 8(2): p. 153-186.
[40]. Yee, K.-R ond K. 5itoker. Posspet: Convenient Possword Monogement ond Phishing Protection. In Proceedings of The Second Symposium on Usab\e Privacy and Security(SOUPS2OO6}. pp, 32-43 2006,
[4 I ]. Zolnikov, R , Extending Explorer with Bond Objects using,NET ond Windows Forms, The Code Project - C # Progromming Visited:Nov 20, 2006 .http://www~codeproject. corn/cshorp /dotnetbondobjects.osp
If you have access to this article please login to view the article or kindly login to purchase the article

Purchase Instant Access

Single Article

North Americas,UK,
Middle East,Europe
India Rest of world
USD EUR INR USD-ROW
Pdf 35 35 200 20
Online 35 35 200 15
Pdf & Online 35 35 400 25

Options for accessing this content:
  • If you would like institutional access to this content, please recommend the title to your librarian.
    Library Recommendation Form
  • If you already have i-manager's user account: Login above and proceed to purchase the article.
  • New Users: Please register, then proceed to purchase the article.