1 Phinding Phish : Evaluating Anti- Phishing Tools Yue Zhang,Jason Hong (2007) Carnegie Mellon University.

Slides:

Advertisements

Similar presentations

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

Advertisements

1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW Yue Zhang, Jason Hong, and Lorrie Cranor.

C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Jason Rich CIS  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.

Internet Phishing Not the kind of Fishing you are used to.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

CANTINA: A Content-Based Approach to Detecting Phishing Web Sites Yue Zhang University of Pittsburgh Jason I. Hong, Lorrie F. Cranor Carnegie Mellon University.

User Interfaces and Algorithms for Fighting Phishing Jason I. Hong Carnegie Mellon University.

© 2004 TransUnion LLC. All Rights Reserved. August 10, 2005 Seven Easy Steps to Fraud Prevention Northwestern University Clifton M. O’Neal Director, Corporate.

Safe Information By Eli Salazar. The Government The Internet A strategic way to communicate top secret plans. The government used Internet for its safety.

User Interfaces and Algorithms for Fighting Phishing Jason I. Hong Carnegie Mellon University.

User Interfaces and Algorithms for Fighting Phishing Jason I. Hong Carnegie Mellon University.

User Interfaces and Algorithms for Fighting Phishing Jason I. Hong Carnegie Mellon University.

PORTIA Project 1 Mitigating Online ID Theft: Phishing and Spyware Students:Blake Ross, Collin Jackson, Nick Miyake, Yuka Teraguchi, Robert Ladesma, Andrew.

Usable Privacy and Security Jason I. Hong Carnegie Mellon University.

Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.

Spyware & Phishing Enrique Escribano

Examining the Effectiveness and Techniques of the Anti-Phishing Technology in Leading Web Browsers and Security Toolbars. Wesley W. Owen

Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.

INTRODUCTION Coined in 1996 by computer hackers. Hackers use to fish the internet hoping to hook users into supplying them the logins, passwords.

New Teacher Tech Training Coffeeville School District.

STAY SAFE ONLINE. STAY SAFE ONLINE! PLEASE MAKE SURE YOU LOGIN AT THE CORRECT BANK URL / ADDRESS 1.NEVER LOGIN VIA LINKS 2.NEVER REVEAL YOUR PIN.

Phishing Rising to the challenge Amy Marasco Microsoft.

GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.

PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.

March 2007 | Prague 1 Technical University of Vienna Politecnico di Milano Engin Kirda Christopher Kruegel Angelo P.E. Rosiello AntiPhish: An Anti-Phishing.

Web-Phishing – Techniques and Countermeasures CIS5370 Computer Security Fall 2008 Muhammad Khalil / Marcus Wolff.

Anti Phishing & Spam -- by lynn. Spam Anti Spam and How White-lists Black-lists Heuristics –Bayes –Neural Networks Static technique –keyword checking.

User Interfaces and Algorithms for Fighting Phishing Jason I. Hong Carnegie Mellon University.

Visual-Similarity-Based Phishing Detection Eric Medvet, Engin Kirda, Christopher Kruegel SecureComm 2008 Sep.

Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.

KAIST Web Wallet: Preventing Phishing Attacks by Revealing User Intentions Min Wu, Robert C. Miller and Greg Little Symposium On Usable Privacy and Security.

Reliability & Desirability of Data

Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.

Browsing the Web Session 3. Objectives Student will knowhow to search on the internet, how to complete a form.

Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.

Surachai CHITPINITYON Kasom KOHT-ARSA Surasak SANGUANPONG Anan Phonphoem Office of Computer Services Kasetsart University

CMU Usable Privacy and Security Laboratory Phinding Phish: An Evaluation of Anti-Phishing Toolbars Yue Zhang, Serge Egelman, Lorrie.

11 CANTINA: A Content- Based Approach to Detecting Phishing Web Sites Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/6/7.

1 © 2004, Cisco Systems, Inc. All rights reserved. CISCO CONFIDENTIAL Using Internet Explorer 7.0 to Access Cisco Unity 5.0(1) Web Interfaces Unity 5.0(1)

Browser Security Evaluation IE6 vs. IE7 vs. Firefox 3.0 Gowri Kanugovi.

Anti-Phishing Approaches Lifeng Hu

How To Preserve Online Privacy. 6 Major Ways To Protect Privacy  1.) Learn to Clear Browsing History  2.) Familiarize Yourself with Privacy Settings.

Phishing Webpage Detection Jau-Yuan Chen COMS E6125 WHIM March 24, 2009.

CCT355H5 F Presentation: Phishing November Jennifer Li.

About Phishing Phishing is a criminal activity using social engineering techniques.criminalsocial engineering Phishers attempt to fraudulently acquire.

BY : MUHAMMAD KHUZAIMI B. ISHAK 4 ADIL PUAN MAZITA INFORMATION AND COMMUNICATION OF TECHNOLOGY.

How Phishing Works Prof. Vipul Chudasama.

C MU U sable P rivacy and S ecurity Laboratory Protecting People from Phishing: The Design and Evaluation of an Embedded Training.

Mrs. Walls September/October Learning the Web Vocabulary Web Sites Web Pages Web Browser To Bibliography Bibliography.

A Social Approach to Security: Using Social Networks to Help Detect Malicious Web Content Michael Robertson, Yin Pan, and Bo Yuan Department of Networking,

Phishing & Pharming. 2 Oct to July 2005 APWG.

Staying Secure Online How do we buy and sell safely on the Internet?

ONLINE SAFETY AND SECURITY Computer Basics 1.5. INFAMOUS CYBER ATTACKS IN 2014 Sony Pictures: Attackers stole just about everything in the corporate network,

Extra Credit Presentation: Allegra Earl CSCI 101 T 3:30.

Return to the PC Security web page Lesson 4: Increasing Web Browser Security.

Microsoft Windows 7 - Illustrated Unit G: Exploring the Internet with Microsoft Internet Explorer.

Part One: Introduction  How to Log on  Which Browser to use  The URL for the site  The Home Page

How to Use Safe Money in Kaspersky? Help Desk Number.

SMART CARD ONLINE REGISTRATION PROCESS

ISYM 540 Current Topics in Information System Management

CANTINA: A Content-Based Approach to Detecting Phishing Web Sites

Conveying Trust Serge Egelman.

Servicenumber.org/internet-explorer. Resolve Issue Internet Explorer.

Starter What is identity theft?

Computer Security.

Teaching you NOT to fall for Phish

start to finish – November 20181

Presentation transcript:

1 Phinding Phish : Evaluating Anti- Phishing Tools Yue Zhang,Jason Hong (2007) Carnegie Mellon University

2 Topics Problem description Solution approach Evaluation Conclusion

3 Problem description What is Phishing sites? - attempt to obtain personal information through deception users,password, social security numbers, credit card numbers, account usernames (Internet). - phishing usually initiated through “junk ” What is Anti-Phishing Tools? It’s detection phishing site.

4 Solution approach - eBay, Inc. Using eBay Tool’s. - Google, Inc. Google Safe Browsing for Firefox.. - EarthLink, Inc EarthLink Tool. November - Microsoft,Inc. Internet Explorer 7 Tools. - CallingID,Ltd. CallingID, - Stanford University spoofguard & etc.

5 eBay Tool Firefox Tool IE7 SpoofGuard Tool Tools Bar Anti Phishing Sites

6 Evaluation Catch rate of each tool over time using phishtank.com URLs. Note that SpoofGuard's catch rate is estimated after time 0. phishtank.com

7 Evaluation Catch rate of each tool over time using APWG URLs. Note that SpoofGuard's catch rate is estimated after time 0. APWG URLs

8 Conclusion SpoofGuard - very good at identifying phishing sites - Detect more 90%.of phishing site. - Heuristic methods &Static technique. - Very high false positive rate. - Detection phishing sites in start the same in late time - Must use both Heuristic methods &blacklist. - You must use one tool at least

9 Thanks & Questions