Presentation is loading. Please wait.

Presentation is loading. Please wait.

Surachai CHITPINITYON Kasom KOHT-ARSA Surasak SANGUANPONG Anan Phonphoem Office of Computer Services Kasetsart University

Published byScarlett Page Modified over 9 years ago

Similar presentations

Presentation on theme: "Surachai CHITPINITYON Kasom KOHT-ARSA Surasak SANGUANPONG Anan Phonphoem Office of Computer Services Kasetsart University"— Presentation transcript:

1 Surachai CHITPINITYON Kasom KOHT-ARSA Surasak SANGUANPONG Anan Phonphoem Office of Computer Services Kasetsart University E-mail: Surachai.Ch@ku.ac.th Automatic Phishing Site Detection and Blocking APAN 2008, Haweii 23 January 2008 This work is partially supported by Commission of Higher Education (CHE), UniNET, Thailand

2 2 Network Operation Center Kasetsart University Office of Computer Services Agenda What is Phishing ? Why Phishing Site Detection and Blocking are needed? Phishing Site Detection Techniques Proposed Solution: Detection and Blocking Techniques Current Deployment Future Work

3 3 Network Operation Center Kasetsart University Office of Computer Services Agenda

4 4 Network Operation Center Kasetsart University Office of Computer Services What is Phishing ? Attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details We concentrate only Detection and Blocking phishing site inside campus network

5 5 Network Operation Center Kasetsart University Office of Computer Services Agenda

6 6 Network Operation Center Kasetsart University Office of Computer Services Why Phishing Site Detection and Blocking are needed? Steal consumer’personal identity data Financial account credentials

7 7 Network Operation Center Kasetsart University Office of Computer Services Agenda

8 8 Network Operation Center Kasetsart University Office of Computer Services Phishing Site Detection Techniques E-mail Detection at Mail Gateway E-mail Detection at Mail Gateway https://signin.ebay.com

9 9 Network Operation Center Kasetsart University Office of Computer Services Agenda

10 10 Network Operation Center Kasetsart University Office of Computer Services Detection and Blocking Techniques Solution 1: Detection: Phishing Site URL Blocking: URL filtering techniques Solution 2: Detection: Phishing Site Content B Blocking: Firewall

11 11 Network Operation Center Kasetsart University Office of Computer Services Campu s Networ k Gateway Phishing Site Solution 1: Traffic Flows Phishing Site Detection and Blocking Engine Internet  

12 12 Network Operation Center Kasetsart University Office of Computer Services Solution 1: Structure Communicator URL Analyzer Interne t mirror traffic (incoming) URL pattern Regular Expression URL matching Session Controller TCP Termination Phishing site blocking Phishing Site Detection and Blocking Engine

13 13 Network Operation Center Kasetsart University Office of Computer Services Campu s Networ k Solution 1: Procedure Gateway Phishing Site Detection and Blocking Engine Internet Phishing Site GET 3 1 search ? ?   Matching 5 FIN 2 GET 4 FIN Phishing URL Lists 2 GET

14 14 Network Operation Center Kasetsart University Office of Computer ServicesFiltering Solution 1: Session Hijacking SYN J SYN K, ACK J+1 ACK K+1 FIN L Client Server Data (request) Data (reply) Packet will be ignored Faked FIN by Filtering Engine

15 15 Network Operation Center Kasetsart University Office of Computer Services Solution 1: Session Hijacking FIN L Client Server Filtering Data (request) Data (reply) Successful filtering ACK L+1 Faked FIN FIN Mignored Unsuccessful filtering ACK M+1 FIN L Faked FIN

16 16 Network Operation Center Kasetsart University Office of Computer Services Solution 1: A Closure Look of Hijacking t 3 < t 4 t 3 - t 0 < t 4 -t 0 t 3 - t 0 < t 4 - t 0 t 3 - t 1 < RTT Success Condition From our measurement, t3 – t1 is less than 0.6 milliseconds. The average of t3 – t1 is about 0.2*RTT.

17 17 Network Operation Center Kasetsart University Office of Computer Services Campu s Networ k Gateway Phishing Site Solution 2: Traffic Flows Phishing Site Detection and Blocking Engine Internet 12 34 4

18 18 Network Operation Center Kasetsart University Office of Computer Services Solution 2: Structure Communicator Content Analyzer Interne t mirror traffic (outgoing) Content pattern Regular Expression content matching Firewall Phishing site blocking Phishing Site Detection and Blocking Engine

19 19 Network Operation Center Kasetsart University Office of Computer Services Solution 2: Phishing site pattern

20 20 Network Operation Center Kasetsart University Office of Computer Services Campu s Networ k Solution 2: Procedure Gateway Firewall Phishing Site Detection and Blocking Engine Internet Phishing Site 1 GET 2 2 Phishing Content Lists 3 Reply 4 4 ? ?   Matching search block 5 Reply X

21 21 Network Operation Center Kasetsart University Office of Computer Services Agenda

22 22 Network Operation Center Kasetsart University Office of Computer Services Current Deployment: Structure Uninet Thaisarn OCS KU firewall Phishing Site Detection Engine Ethernet 10 Gbps CPU : 2xDual Core Xeon 3.0 Ghz RAM : 1 GB HD : SATA 1 TB WebScreen Agent Ethernet 1 Gbps

23 23 Network Operation Center Kasetsart University Office of Computer Services Current Deployment: Testing Uninet Thaisarn OCS KU firewall Google phishing site detection Used “About Google” key word

24 24 Network Operation Center Kasetsart University Office of Computer Services Agenda

25 25 Network Operation Center Kasetsart University Office of Computer Services Future Work Use picture, such as logo, for detection Use AI to classified phishing site

26 26 Network Operation Center Kasetsart University Office of Computer Services Q&A

27 27 Network Operation Center Kasetsart University Office of Computer Services Thank You

Download ppt "Surachai CHITPINITYON Kasom KOHT-ARSA Surasak SANGUANPONG Anan Phonphoem Office of Computer Services Kasetsart University"

Similar presentations

Transparent Firewall for Wireless Network

Transparent Firewall for Wireless Network
Surachai CHITPINITYON Kasom KOHT-ARSA Surasak SANGUANPONG Anan PHONPHOEM Pirawat WATANAPONGSE Chalermpol CHUPAMPUN Office of Computer Services Kasetsart.

Surachai CHITPINITYON Kasom KOHT-ARSA Surasak SANGUANPONG Anan PHONPHOEM Pirawat WATANAPONGSE Chalermpol CHUPAMPUN Office of Computer Services Kasetsart.
1 Experiences in Deploying Machines Registration and Integrated Linux Firewall with Traffic Shaper for Large Campus Network Kasom Koth-arsa 1, Surasak.

1 Experiences in Deploying Machines Registration and Integrated Linux Firewall with Traffic Shaper for Large Campus Network Kasom Koth-arsa 1, Surasak.
A P RACTICAL A PPROACH TO M ANAGE P HISHING I NCIDENT WITH URL F ILTERING Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp Kasetsart University,

A P RACTICAL A PPROACH TO M ANAGE P HISHING I NCIDENT WITH URL F ILTERING Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp Kasetsart University,
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Personal Identity Theft in the Web-based Business World Presenter – Rick Weatherspoon Xtreme Computing, LLC.

Personal Identity Theft in the Web-based Business World Presenter – Rick Weatherspoon Xtreme Computing, LLC.
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
Lisa Farmer, Cedo Vicente, Eric Ahlm

Lisa Farmer, Cedo Vicente, Eric Ahlm
Personal Identity Theft in the Web-based Business World Presenter – Rick Weatherspoon Xtreme Computing, LLC.

Personal Identity Theft in the Web-based Business World Presenter – Rick Weatherspoon Xtreme Computing, LLC.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Incident Response Case in Cyber-Fraud -Case of Republic of Korea-

Incident Response Case in Cyber-Fraud -Case of Republic of Korea-
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Similar presentations

Ads by Google