PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.

What is Phishing & Phishing Trends
- A form of social engineering.
- Phishers send the fake site's URL in spam mail.
- A huge problem: 45,115 unique phishing sites were recorded in September 2013 alone (56.22% of them contained some form of the target's name in the URL), and APWG received 56,767 unique phishing reports.

PHAD – A Phishing Avoidance and Detection Tool
- A downloadable extension for the Firefox browser.
- Uses invisible, robust digital watermarking, implemented with Outguess, a universal steganographic tool.
- Relies on the uniqueness of a website's domain name.
- Based on the observation that some phishers copy the content of legitimate sites, including source code and images, for use in the fake site.

Working of PHAD
- Companies invisibly watermark their logo images with the domain names of their websites.
- When a phisher copies the image, the watermark travels along with it.
- The browser extension on the client side detects the watermark and compares it with the domain name of the page being visited.
- If they match, the website is legitimate; otherwise it is a phishing site.

Related Work
Huajun Huang, Yaojun Wang, Lili Xie and Liqing Jiang. An Active Anti-phishing Solution Based on Semi-fragile Watermark.
- The watermark is a concatenation of the domain name and other parameters, embedded into the website's source code by the equal-tag method.
- It can easily be reversed if the phisher is aware of the scheme.

Disclaimer
- PHAD is intended to serve only as a first line of defense, not as a complete filter.
- Artistic attackers with plenty of time on their hands could create a similar-looking logo.
- If a phisher has access to the client-side watermark detection software, she could study it to remove the watermark and then re-watermark the image. No known software exists to automate this yet.
- PHAD significantly increases the effort required of the phisher.

A Few Questions
- What if the phisher takes a screenshot or photograph of the image? The watermark persists across screenshots and good-quality photographs.
- What if a company has multiple domain names, e.g. google.in and google.us? All of the domain names are watermarked into the image, and the client checks whether the page's domain matches at least one of the domains extracted from the watermark.
- What if a company has multiple logos? All domain names are watermarked into all logos.
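The embed, copy, extract and compare flow from the "Working of PHAD" slide, together with the multiple-domain-name handling from this slide, as an added example that is not PHAD's own code. PHAD embeds the watermark with Outguess; this stand-in writes the payload into the least-significant bit of each channel byte of a decoded RGBA image (the shape a canvas ImageData.data array has in a browser extension), which shows the flow but has none of Outguess's robustness. The payload layout (magic bytes, one length byte, comma-separated domains), the function names and the 16x16 sample image are all assumptions made for the example.

```javascript
// Added example: LSB stand-in for PHAD's Outguess watermark (not PHAD's code).
const MAGIC = [0x50, 0x48]; // "PH": marks a watermarked image (assumed format)

function toBits(bytes) {
  const bits = [];
  for (const b of bytes) for (let i = 7; i >= 0; i--) bits.push((b >> i) & 1);
  return bits;
}

function fromBits(bits) {
  const out = [];
  for (let i = 0; i + 8 <= bits.length; i += 8) {
    let b = 0;
    for (let j = 0; j < 8; j++) b = (b << 1) | bits[i + j];
    out.push(b);
  }
  return out;
}

// Embed every domain the company owns. Payload layout (assumed):
// MAGIC (2 bytes) | length (1 byte) | UTF-8 "dom1,dom2,..." (length bytes).
function embedWatermark(pixels, domains) {
  const text = new TextEncoder().encode(domains.join(','));
  if (text.length > 255) throw new Error('payload too long for 1-byte length');
  const bits = toBits([...MAGIC, text.length, ...text]);
  if (bits.length > pixels.length) throw new Error('image too small for payload');
  const marked = new Uint8ClampedArray(pixels); // the company keeps the original
  bits.forEach((bit, i) => { marked[i] = (marked[i] & 0xfe) | bit; });
  return marked;
}

// Recover the domain list, or null when the image carries no valid watermark.
function extractWatermark(pixels) {
  const lsb = (i) => pixels[i] & 1;
  const header = fromBits(Array.from({ length: 24 }, (_, i) => lsb(i)));
  if (header[0] !== MAGIC[0] || header[1] !== MAGIC[1]) return null;
  const len = header[2];
  if (24 + len * 8 > pixels.length) return null;
  const body = fromBits(Array.from({ length: len * 8 }, (_, i) => lsb(24 + i)));
  const domains = new TextDecoder().decode(Uint8Array.from(body)).split(',');
  // Reject noise that happened to pass the magic check.
  const ok = domains.every((d) => /^[a-z0-9.-]+\.[a-z]{2,}$/i.test(d));
  return ok ? domains : null;
}

// Client-side comparison: the page host must equal, or be a subdomain of,
// one of the domains carried by the logo (so google.in and google.us both pass
// when both were embedded).
function hostMatchesDomains(host, domains) {
  host = host.toLowerCase();
  return domains.some((d) => host === d.toLowerCase() || host.endsWith('.' + d.toLowerCase()));
}

function classifyPage(logoPixels, pageHost) {
  const domains = extractWatermark(logoPixels);
  if (domains === null) return { verdict: 'unmarked', domains: [] };
  return { verdict: hostMatchesDomains(pageHost, domains) ? 'legitimate' : 'phished', domains };
}

// Constructed sample image: a 16x16 RGBA gradient standing in for a decoded logo.
function sampleLogo() {
  const px = new Uint8ClampedArray(16 * 16 * 4);
  for (let i = 0; i < px.length; i += 4) {
    px[i] = ((i / 4) % 16) * 16; px[i + 1] = 128; px[i + 2] = 255 - px[i]; px[i + 3] = 255;
  }
  return px;
}

// End to end: the company marks its logo, a phisher copies it byte for byte.
function demo() {
  const logo = embedWatermark(sampleLogo(), ['example.com', 'example.co.uk']);
  const copiedByPhisher = new Uint8ClampedArray(logo);
  return {
    real: classifyPage(logo, 'www.example.com').verdict,
    fake: classifyPage(copiedByPhisher, 'example-com-login.net').verdict,
    plain: classifyPage(sampleLogo(), 'www.example.com').verdict,
  };
}
```

A lossless copy or screenshot keeps every LSB intact, so the copied logo still yields the company's domains on the phisher's host; any re-encoding (JPEG compression, scaling, a photograph) destroys an LSB mark, which is exactly why PHAD uses a robust scheme such as Outguess rather than this one.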

A Few Questions
- What if a website wants to embed another company's logo in its page, e.g. CNN runs a story on Google or Facebook? Multiple watermarked images are allowed on a page; the company with the highest ratio of watermarked images on the page is the one whose domain names are compared with the page's domain name.

A Few Questions
- What if a website has two or more watermarked images? The company with the highest ratio of watermarked images is compared with the page's domain name. If instead every image were compared and a single match accepted, PHAD would fail: an attacker could place the original image carrying the legitimate company's watermark next to her own image carrying her fake site's watermark, which would match the domain name of the fake site.
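The page-level rule from the two slides above, as an added example that is not PHAD's own code: each entry is one image on the page together with the domain list its watermark carried (null when no watermark was found); extraction itself is a separate step and is assumed to have already happened. The page hostnames, image names and the fail-closed handling of ties are assumptions made for the example, not documented PHAD behaviour.

```javascript
// Added example: "highest ratio of watermarked images" rule (not PHAD's code).
function hostMatches(host, domains) {
  host = host.toLowerCase();
  return domains.some((d) => host === d.toLowerCase() || host.endsWith('.' + d.toLowerCase()));
}

// Group images by the company that marked them. A company is identified by the
// sorted set of domains it embeds, since every logo of a company carries all of
// its domain names. Returns [{ domains, ratio }] sorted by descending ratio.
function companyShares(images) {
  const marked = images.filter((img) => Array.isArray(img.domains) && img.domains.length > 0);
  const counts = new Map();
  for (const img of marked) {
    const key = [...img.domains].map((d) => d.toLowerCase()).sort().join(',');
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts.entries()]
    .map(([key, n]) => ({ domains: key.split(','), ratio: n / marked.length }))
    .sort((a, b) => b.ratio - a.ratio);
}

function judgePage(images, pageHost) {
  const shares = companyShares(images);
  if (shares.length === 0) return { verdict: 'unmarked', shares };
  const top = shares[0].ratio;
  const leaders = shares.filter((s) => s.ratio === top);
  // Only the dominant company is compared with the page's domain. The slides do
  // not say what happens on a tie; this example fails closed and requires every
  // tied company to match (an assumption, not PHAD's documented behaviour).
  const ok = leaders.every((s) => hostMatches(pageHost, s.domains));
  return { verdict: ok ? 'legitimate' : 'phished', shares };
}

// Constructed pages. (a) A CNN story about Google: CNN's own logos outnumber the
// embedded Google logo. (b) A phishing copy of cnn.com reusing one CNN logo.
// (c) The attack on the slide: the copied CNN logo plus the attacker's own
// image watermarked with her fake site's domain.
const cnnStory = [
  { src: '/img/header-logo.png', domains: ['cnn.com'] },
  { src: '/img/footer-logo.png', domains: ['cnn.com'] },
  { src: '/img/google-logo.png', domains: ['google.com', 'google.in', 'google.us'] },
  { src: '/img/photo.jpg', domains: null },
];
const phishCopy = [{ src: 'logo.png', domains: ['cnn.com'] }];
const phishWithOwnMark = [
  { src: 'logo.png', domains: ['cnn.com'] },
  { src: 'banner.png', domains: ['login-cnn-secure.net'] },
];

function demo() {
  return {
    story: judgePage(cnnStory, 'www.cnn.com').verdict,
    copy: judgePage(phishCopy, 'login-cnn-secure.net').verdict,
    ownMark: judgePage(phishWithOwnMark, 'login-cnn-secure.net').verdict,
  };
}
```

As stated on the slides, the rule compares only the company that dominates the page, so its verdict depends on the copied logos outnumbering (or, with the tie handling above, at least equalling) the attacker's own marked images; the slides do not discuss the case where they do not.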

A Few Questions
- How is this better than using HTTPS? Users are not aware that the URL should begin with https rather than http. There is no single point of failure. HTTPS can be used as an added security measure alongside PHAD.

Future Work
- Implement the scheme for other browsers and operating systems instead of just Firefox on Linux.
- Audit the top 20 banks and top 100 websites to see whether they would be able to use this approach.
- Conduct a 'Wizard of Oz' study to demonstrate that users like and understand the approach.

Questions?