CMU Usable Privacy and Security Laboratory. Phinding Phish: An Evaluation of Anti-Phishing Toolbars. Yue Zhang, Serge Egelman, Lorrie Cranor, and Jason Hong.

CMU Usable Privacy and Security Laboratory Phinding Phish: An Evaluation of Anti-Phishing Toolbars Yue Zhang, Serge Egelman, Lorrie Cranor, and Jason Hong

Anti-Phishing Tools
- 84 listed on download.com (Sept. '06)
- Included in many browsers
- Poor usability
  - Many users don't see the indicators
  - Many choose to ignore them
  - But usability is being addressed
- Are they accurate?

Tools Tested
- CallingID
- Cloudmark
- EarthLink
- eBay
- Firefox
- IE7
- Netcraft
- Netscape
- SpoofGuard
- TrustWatch

Source of Phish
- Need a high volume of fresh phish
  - Sites are taken down after a day on average
  - Fresh phish reveal how quickly each toolbar's blacklist is updated
  - Can't draw test URLs from the toolbars' own blacklists (those would be caught by definition)
- We experimented with several sources
  - APWG: high volume, but many duplicates, and legitimate URLs are included
  - PhishTank.org: lower volume, but easier to extract phish
  - Assorted other phish archives: often low volume or not fresh enough

Phishing Feeds
- Anti-Phishing Working Group (APWG)
  - Reports from ISPs, individuals, etc.
  - >2,000 messages/day
  - URLs must be filtered out of the messages
- PhishTank
  - Submitted by the public
  - ~48 messages/day
  - URLs manually verified

Testbed for Anti-Phishing Toolbars
- Automated testing
- Aggregate performance statistics
- Key design issue: different browsers, different toolbars, different indicator types
- Solution: image analysis, comparing screenshots of the indicator with known states

Image-Based Comparisons
- Two examples: TrustWatch and Google
- [Slide shows screenshots of each toolbar's indicator in its known states: "Verified", "Not verified", and "Phish!! Warning!!"]
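One way to do the screenshot matching described on the two preceding slides, as an added example that is not the testbed's code: crop the indicator region out of a window capture and pick the nearest reference state by mean pixel difference, returning no state when nothing is close enough. The colours, the indicator box coordinates and the tolerance are assumptions; real toolbars draw icons, and the reference images would be captured from the toolbar itself.

```python
"""Match a toolbar's indicator against reference images of its known states.

Added example, not code from the Phinding Phish testbed. Images are tiny
constructed pixel grids (rows of RGB tuples) so the script runs offline; the
colours, the indicator box and the tolerance are all assumptions.
"""
from typing import Dict, List, Optional, Tuple

Pixel = Tuple[int, int, int]
Image = List[List[Pixel]]  # rows of pixels

# Hypothetical flat colours standing in for a toolbar's icons.
RED, GREEN, GREY, WHITE = (220, 30, 30), (30, 170, 60), (200, 200, 200), (255, 255, 255)

# Where this (hypothetical) toolbar draws its indicator: x, y, width, height.
# In the real testbed the box is fixed per browser/toolbar combination.
INDICATOR_BOX = (100, 20, 16, 16)

# Only these states count as "catching" a phish; "verified"/"not verified" do not.
CAUGHT_STATES = {"warning", "block"}


def solid(width: int, height: int, colour: Pixel) -> Image:
    return [[colour] * width for _ in range(height)]


def paint(screen: Image, x: int, y: int, block: Image) -> Image:
    """Return a copy of `screen` with `block` drawn at (x, y)."""
    out = [list(row) for row in screen]
    for dy, row in enumerate(block):
        out[y + dy][x:x + len(row)] = row
    return out


def jitter(img: Image, delta: int) -> Image:
    """Brighten the red channel of alternate pixels to mimic rendering noise."""
    return [[(min(255, r + delta), g, b) if (i + j) % 2 == 0 else (r, g, b)
             for j, (r, g, b) in enumerate(row)]
            for i, row in enumerate(img)]


def crop(img: Image, box: Tuple[int, int, int, int]) -> Image:
    x, y, w, h = box
    return [row[x:x + w] for row in img[y:y + h]]


def mean_abs_diff(a: Image, b: Image) -> float:
    """Average per-channel absolute difference: 0.0 identical, 255.0 opposite."""
    if len(a) != len(b) or any(len(r) != len(s) for r, s in zip(a, b)):
        raise ValueError("capture and reference differ in size")
    total = count = 0
    for row_a, row_b in zip(a, b):
        for pa, pb in zip(row_a, row_b):
            total += sum(abs(ca - cb) for ca, cb in zip(pa, pb))
            count += 3
    return total / count


def classify(region: Image, references: Dict[str, Image],
             tolerance: float = 12.0) -> Optional[str]:
    """Name of the closest reference state, or None when nothing is within
    `tolerance` (indicator still loading, or a state never seen before)."""
    best_name, best_score = None, float("inf")
    for name, ref in references.items():
        score = mean_abs_diff(region, ref)
        if score < best_score:
            best_name, best_score = name, score
    return best_name if best_score <= tolerance else None


REFERENCES: Dict[str, Image] = {
    "verified": solid(16, 16, GREEN),
    "not_verified": solid(16, 16, GREY),
    "warning": solid(16, 16, RED),
}


def evaluate_screenshot(screen: Image) -> Optional[str]:
    return classify(crop(screen, INDICATOR_BOX), REFERENCES)


def counts_as_catch(state: Optional[str]) -> bool:
    return state in CAUGHT_STATES


# Constructed 200x60 "screenshots": indicator drawn into a white window,
# then jittered so the match is tested with tolerance rather than equality.
BLANK = solid(200, 60, WHITE)
SCREEN_WARNING = jitter(paint(BLANK, 100, 20, solid(16, 16, RED)), 6)
SCREEN_VERIFIED = jitter(paint(BLANK, 100, 20, solid(16, 16, GREEN)), 6)
SCREEN_LOADING = paint(BLANK, 100, 20, solid(16, 16, (120, 120, 120)))  # half-drawn

if __name__ == "__main__":
    for name, screen in [("warning", SCREEN_WARNING), ("verified", SCREEN_VERIFIED),
                         ("loading", SCREEN_LOADING)]:
        state = evaluate_screenshot(screen)
        print(f"{name:9s} -> {state!r} caught={counts_as_catch(state)}")
```

A capture that matches none of the references should be logged for a person to inspect (it may be a new indicator state or a half-rendered toolbar) rather than silently counted as a miss. The tolerance absorbs anti-aliasing differences between captures, but it must stay well below the distance between any two reference states or the classifier will confuse them.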

Testbed System Architecture
1. The Task Manager retrieves potential phishing sites from the feed
2. The Task Manager sends each URL to the Workers
3. Each Worker loads the URL in its browser/toolbar and evaluates the potential phishing site (screenshot compared with the known indicator states)
4. The Task Manager aggregates the results

Experiment Methodology
- Catch rate: given a set of phishing URLs, the percentage correctly labeled as phish by the tool
  - Only "block" and "warning" indications count
  - Sites that had been taken down are removed from the set
- False positives: given a set of legitimate URLs, the percentage incorrectly labeled as phish by the tool
  - Only "block" and "warning" indications count
  - Sites that had been taken down are removed from the set

Experiment 1
- PhishTank feed used
- Equipment: 1 notebook as Task Manager, 2 notebooks as Workers
- 10 tools examined: Cloudmark, EarthLink, eBay, IE7, Google/Firefox, McAfee, Netcraft, Netscape, SpoofGuard, TrustWatch

Experiment 1 (cont.)
- Phishing URLs from the PhishTank feed, manually verified
  - Each URL re-examined 1, 2, 12, and 24 hours after the first test
  - Measured the blacklist update rate (except for SpoofGuard, which uses heuristics only)
  - Measured the take-down rate
- 514 legitimate URLs
  - 416 from the 3Sharp report
  - 35 bank log-in pages
  - 35 top pages by Alexa
  - 30 random pages
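The two metrics from the methodology slide, computed over the re-examination intervals and with taken-down sites excluded as described above, as an added example that is not the study's analysis code. The observations are a constructed sample (two hypothetical tools, four phish and four legitimate URLs), not data from the experiments.

```python
"""Catch rate and false-positive rate as defined in the methodology slide.

Added example, not the paper's analysis code. The observations below are a
constructed sample (two hypothetical tools, four phish, four legitimate URLs),
not data from the study.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

CAUGHT = {"block", "warning"}      # only these indicator states count
INTERVALS_H = (0, 1, 2, 12, 24)    # first test, then the re-examination times


@dataclass(frozen=True)
class Observation:
    url: str
    is_phish: bool     # ground truth from the manually verified feed
    hour: int          # hours since the URL was first tested
    tool: str
    state: str         # "block", "warning", "none" or "unknown"
    taken_down: bool   # site no longer reachable at this check


def catch_rate(obs: List[Observation], tool: str, hour: int) -> Optional[float]:
    """Share of still-live phish labelled block/warning by `tool` at `hour`.
    Taken-down sites leave the denominator: a toolbar cannot be credited or
    blamed for a page that no longer exists."""
    live = [o for o in obs
            if o.is_phish and o.tool == tool and o.hour == hour and not o.taken_down]
    if not live:
        return None
    return sum(o.state in CAUGHT for o in live) / len(live)


def false_positive_rate(obs: List[Observation], tool: str) -> float:
    """Share of legitimate URLs labelled block/warning (tested once, at hour 0)."""
    legit = [o for o in obs
             if not o.is_phish and o.tool == tool and o.hour == 0 and not o.taken_down]
    return sum(o.state in CAUGHT for o in legit) / len(legit)


def catch_rate_over_time(obs: List[Observation], tool: str) -> Dict[int, Optional[float]]:
    """A blacklist that is updated after the first check shows up as a rising curve."""
    return {h: catch_rate(obs, tool, h) for h in INTERVALS_H}


def build_sample() -> List[Observation]:
    """Constructed observations (hypothetical URLs and tools)."""
    # Hour at which the blacklist-based tool first lists each phish (None = never).
    blacklist_hit = {
        "http://p1.example/login": 1,
        "http://p2.example/verify": 12,
        "http://p3.example/acct": None,
        "http://p4.example/secure": 2,
    }
    # The heuristic tool flags the same three pages at every check.
    heuristic_hit = {"http://p1.example/login", "http://p2.example/verify",
                     "http://p3.example/acct"}
    down_after = {"http://p3.example/acct": 12}  # gone before the 12-hour re-check

    obs: List[Observation] = []
    for url, first_hit in blacklist_hit.items():
        for h in INTERVALS_H:
            down = h >= down_after.get(url, 10 ** 9)
            listed = first_hit is not None and h >= first_hit
            obs.append(Observation(url, True, h, "blacklist_tool",
                                   "block" if listed else "none", down))
            obs.append(Observation(url, True, h, "heuristic_tool",
                                   "warning" if url in heuristic_hit else "none", down))

    legit = ["https://bank.example/", "https://shop.example/",
             "https://news.example/", "https://mail.example/"]
    for url in legit:
        obs.append(Observation(url, False, 0, "blacklist_tool", "none", False))
        # the heuristic tool misfires on one legitimate page
        obs.append(Observation(url, False, 0, "heuristic_tool",
                               "warning" if url == "https://shop.example/" else "none", False))
    return obs


if __name__ == "__main__":
    data = build_sample()
    for tool in ("blacklist_tool", "heuristic_tool"):
        print(tool, catch_rate_over_time(data, tool),
              "FP:", false_positive_rate(data, tool))
```

Note how the take-down exclusion changes the denominator between intervals: the heuristic tool's rate drops from 3/4 to 2/3 at 12 hours even though its behaviour did not change, because the one phish it caught that is now down no longer counts. Reporting both the rate and the number of live URLs at each interval avoids misreading that effect.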

Experiment 2
- APWG phishing feed
- 9 of the same toolbars tested, plus CallingID
- Same testing environment

Results of Experiment 1 (chart)

Results of Experiment 2 (chart)

False Positives (out of 514 legitimate URLs)

Toolbar      False positives
SpoofGuard   218 (42%)
CallingID     10 (2%)
Cloudmark      5 (1%)
EarthLink      5 (1%)

Not a big problem for most of the toolbars.

Overall Findings
- No toolbar caught 100%
- Good performers:
  - SpoofGuard (>90%), though with 42% false positives
  - IE7 (70%-80%)
  - Netcraft (60%-80%)
  - Firefox (50%-80%)
- Most performed poorly, e.g.:
  - Netscape (10%-30%)
  - CallingID (20%-40%)

More Findings
- Performance varied with the feed
  - Better on PhishTank: Cloudmark, EarthLink, Firefox, Netcraft
  - Better on APWG: eBay, IE7, Netscape
  - About the same on both: SpoofGuard, TrustWatch
- Catch rates rose over the re-examination intervals at different rates
  - The rise was larger on the APWG feed
  - This reflects the freshness of the APWG URLs: fewer of them were already blacklisted at the first check

CDN Attack
- Many tools use blacklists; many also examine IP addresses (location, etc.)
- Proxies distort both the URL and the IP address that the tool sees
- We used Coral CDN: append .nyud.net:8090 to the hostname in the URL (Coral runs on PlanetLab, so the page is fetched through a PlanetLab node)
- The attack works against: Cloudmark, Google, TrustWatch, Netcraft, Netscape
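The Coral CDN rewrite and the blacklist lookup it defeats, followed by a host normalisation that restores the match, as an added example that is not from the paper. The blacklist and URLs are constructed; only the .nyud.net:8090 suffix comes from the slide, and origin_host() is a suggested fix, not something the paper or any of the tested toolbars implements.

```python
"""Coral CDN rewriting as a blacklist evasion, and the host normalisation
that defeats it.

Added example, not from the paper. The blacklist, the URLs and the
origin_host() normaliser are assumptions; only the '.nyud.net:8090' suffix
comes from the slide.
"""
from urllib.parse import urlsplit, urlunsplit

# Constructed blacklist keyed by hostname (real tools hold thousands of entries).
BLACKLIST = {"phish.example.net"}
CORAL_SUFFIX = ".nyud.net"


def coralize(url: str) -> str:
    """What the attacker (or the paper's test) does: append the Coral CDN
    suffix and port to the hostname so the page is served via a PlanetLab
    node. DNS then resolves to the proxy, so IP-based checks see the proxy."""
    p = urlsplit(url)
    netloc = f"{p.hostname}{CORAL_SUFFIX}:8090"
    return urlunsplit((p.scheme, netloc, p.path or "/", p.query, p.fragment))


def naive_verdict(url: str) -> str:
    """Lookup on the hostname exactly as it appears in the address bar."""
    host = (urlsplit(url).hostname or "").lower()
    return "block" if host in BLACKLIST else "none"


def origin_host(url: str) -> str:
    """Strip known proxy encodings before the lookup. Handles the default-port
    Coral form shown on the slide; other proxy schemes need their own rules."""
    host = (urlsplit(url).hostname or "").lower()
    if host.endswith(CORAL_SUFFIX):
        host = host[: -len(CORAL_SUFFIX)]
    return host


def hardened_verdict(url: str) -> str:
    return "block" if origin_host(url) in BLACKLIST else "none"


if __name__ == "__main__":
    phish = "http://phish.example.net/bank/login.php?acct=1"
    proxied = coralize(phish)
    print(proxied)
    print("naive   :", naive_verdict(phish), "->", naive_verdict(proxied))
    print("hardened:", hardened_verdict(phish), "->", hardened_verdict(proxied))
```

Normalising the host closes the specific rewrite shown here, but every open proxy or redirector that embeds the origin in its own URL needs its own rule, and a tool that also rates the serving IP address still sees the proxy's address rather than the phisher's host.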

Page Load Attack
- Some tools wait for the page to be fully loaded before evaluating it: SpoofGuard, eBay
- Insert a web bug that takes an infinite time to load
  - 5 lines of PHP
  - Serves a 1x1 GIF, then loops forever, spitting out data very slowly
- The tool stays in its previous state and is unable to indicate anything about the page
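The attack as described on the slide, beside an evaluator built not to depend on load completion, as an added example that is neither the paper's five-line PHP nor any toolbar's code. The HTML, the URL, the byte budget and the heuristics are constructed assumptions.

```python
"""The page-load attack from the slide, and an evaluator that does not wait
for the load to finish.

Added example, not the paper's PHP or any toolbar's code. The page bytes, the
URL, the byte budget and the heuristics are all constructed assumptions.
"""
import re
from typing import Dict, Iterator, List, Tuple
from urllib.parse import urlsplit

# Constructed login page that embeds the never-finishing web bug.
PHISH_HTML = (b'<html><body><form action="post.php" method="post">'
              b'<input name="user"><input type="password" name="pw">'
              b'</form><img src="bug.php" width="1" height="1"></body></html>')


def endless_web_bug() -> Iterator[bytes]:
    """Attacker side, as the slide describes: the response starts normally and
    then trickles one byte at a time forever, so the load event never fires."""
    yield PHISH_HTML
    while True:
        yield b"\x00"


def read_with_budget(body: Iterator[bytes], max_bytes: int) -> Tuple[bytes, bool]:
    """Consume at most `max_bytes`; the flag says whether the stream ended.
    A wall-clock deadline would be the other natural cut-off."""
    buf = bytearray()
    for chunk in body:
        buf += chunk
        if len(buf) >= max_bytes:
            return bytes(buf[:max_bytes]), False
    return bytes(buf), True


def url_heuristics(url: str) -> List[str]:
    """Cheap checks available the moment navigation starts."""
    p = urlsplit(url)
    host = p.hostname or ""
    reasons = []
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("ip-address host")
    if "@" in p.netloc:
        reasons.append("userinfo in URL")
    if any(w in (p.path + "?" + p.query).lower()
           for w in ("login", "signin", "verify", "account")):
        reasons.append("credential keyword in path")
    return reasons


def content_heuristics(partial: bytes) -> List[str]:
    """Checks on whatever HTML has arrived so far."""
    return ["password field"] if b'type="password"' in partial else []


def evaluate(url: str, body: Iterator[bytes], max_bytes: int = 65536) -> Dict[str, object]:
    """Decide from the URL plus bounded content; never gate on load completion.
    A tool that waits for onload would sit in its previous state here."""
    content, completed = read_with_budget(body, max_bytes)
    reasons = url_heuristics(url) + content_heuristics(content)
    return {
        "verdict": "warning" if reasons else "none",
        "load_completed": completed,
        "bytes_read": len(content),
        "reasons": reasons,
    }


if __name__ == "__main__":
    print(evaluate("http://192.0.2.10/ebay/signin.php", endless_web_bug(), max_bytes=4096))
    print(evaluate("https://www.example.com/", iter([b"<html><body>hi</body></html>"])))
```

The same decoupling matters for the testbed itself: a worker that waits for the page's load event before taking its screenshot would hang on such a page, so the capture should be taken after a fixed deadline and the stale indicator recorded as exactly that.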

Conclusion
- Tool performance
  - No toolbar is perfect
  - No single toolbar outperforms all the others
  - Heuristics have false positives; whitelists? hybrid approach?
- Testing methodology
  - Get fresher URLs
  - Test settings other than the defaults
- User interfaces
  - Usability is important: traffic light? pop-up message? redirect page?
