University of Surrey

Test tubes in the lab Research in the ATI Dance Research

A novel anti-phishing framework based on honeypots

Li, SJ and Schmitz, R (2009) A novel anti-phishing framework based on honeypots In: 4th Annual APWG eCrime Researchers Summit (eCrime 2009 or eCRS 2009), 2009-10-20 - 2009-10-21, Tacoma, WA, USA.

[img] Text
APWG-eCRS2009.pdf
Restricted to Repository staff only
Available under License : See the attached licence file.

Download (5MB)
[img] Text (licence)
SRI_deposit_agreement.pdf
Restricted to Repository staff only

Download (33kB)

Abstract

As a powerful anti-phishing tool, honeypots have been widely used by security service providers and financial institutes to collect phishing mails, so that new phishing sites can be earlier detected and quickly shut down. Another popular use of honeypots is to collect useful information about phishers' activities, which is used to make various kinds of statistics for the purposes of research and forensics. Recently, it has also been proposed to actively feed phishers with honeytokens. In the present paper, we discuss some problems of existing anti-phishing solutions based on honeypots. We propose to overcome these problems by transforming the real e-banking system itself into a honeypot equipped with honeytokens and supported by some other kinds of honeypots. A phishing detector is used to automatically detect suspicious phishers' attempts of stealing money from victims' accounts, and then ask for the potential victims' reconfirmation. This leads to a novel anti-phishing framework based on honeypots. As an indispensable part of the framework, we also propose to use phoneybots, i.e., active honeypots running in virtual machines and mimicking real users' behavior to access the real e-banking system automatically, in order to submit honeytokens to pharmers and phishing malware. The involvement of phoneybots is crucial to fight against advanced phishing attacks such as pharming and malware-based phishing attacks.

Item Type: Conference or Workshop Item (UNSPECIFIED)
Authors :
NameEmailORCID
Li, SJUNSPECIFIEDUNSPECIFIED
Schmitz, RUNSPECIFIEDUNSPECIFIED
Date : 2009
Identification Number : 10.1109/ECRIME.2009.5342609
Contributors :
ContributionNameEmailORCID
http://www.loc.gov/loc.terms/relators/PBLIEEE, UNSPECIFIEDUNSPECIFIED
Related URLs :
Depositing User : Symplectic Elements
Date Deposited : 28 Mar 2017 14:42
Last Modified : 31 Oct 2017 14:35
URI: http://epubs.surrey.ac.uk/id/eprint/532445

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year


Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800