Published by Scarlett Page. Modified over 9 years ago.

Automatic Phishing Site Detection and Blocking
Surachai CHITPINITYON, Kasom KOHT-ARSA, Surasak SANGUANPONG, Anan Phonphoem
Office of Computer Services, Kasetsart University
E-mail: Surachai.Ch@ku.ac.th
APAN 2008, Hawaii, 23 January 2008
This work is partially supported by Commission of Higher Education (CHE), UniNET, Thailand

Network Operation Center Kasetsart University Office of Computer Services

Agenda
- What is Phishing?
- Why Phishing Site Detection and Blocking are needed?
- Phishing Site Detection Techniques
- Proposed Solution: Detection and Blocking Techniques
- Current Deployment
- Future Work

What is Phishing?
- An attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details
- We concentrate only on detecting and blocking phishing sites inside the campus network

Why Phishing Site Detection and Blocking are needed?
- Steal consumers' personal identity data
- Financial account credentials

Phishing Site Detection Techniques
- E-mail Detection at Mail Gateway
[Figure: example URL https://signin.ebay.com]

Detection and Blocking Techniques
- Solution 1
  - Detection: Phishing Site URL
  - Blocking: URL filtering techniques
- Solution 2
  - Detection: Phishing Site Content
  - Blocking: Firewall

Solution 1: Traffic Flows
[Diagram: Campus Network, Gateway, Internet, Phishing Site, Phishing Site Detection and Blocking Engine]

Solution 1: Structure
[Diagram of the Phishing Site Detection and Blocking Engine. Labels: Communicator; URL Analyzer; Internet mirror traffic (incoming); URL pattern; Regular Expression; URL matching; Session Controller; TCP Termination; Phishing site blocking]

Solution 1: Procedure
[Diagram: Campus Network, Gateway, Internet, Phishing Site, Phishing Site Detection and Blocking Engine, Phishing URL Lists. Numbered steps 1 to 5 with the labels GET, search, Matching, FIN]
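
The URL-matching step of Solution 1 (a GET seen on mirrored traffic, searched against the phishing URL list), as an added example that is not part of the original slides. The function names, the patterns and the sample hosts are constructed for illustration.

```python
import re

# Constructed sample patterns; a deployment would load its own phishing URL list.
PHISHING_URL_PATTERNS = [
    r"^signin\.ebay\.com\.[a-z0-9.-]+/",         # brand host used as a subdomain prefix
    r"^[a-z0-9.-]+/.*/signin\.ebay\.com/",       # brand host buried in the path
    r"^\d{1,3}(\.\d{1,3}){3}/.*(login|signin)",  # raw IP address serving a login page
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in PHISHING_URL_PATTERNS]

REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]\r\n")
HOST_HEADER = re.compile(rb"\r\nHost:[ \t]*([^\r\n]+)", re.IGNORECASE)


def extract_url(payload: bytes):
    """Return 'host/path' from the first TCP segment of an HTTP request, or None."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return None                      # not the start of a cleartext HTTP request
    target = m.group(2).decode("latin-1")
    if target.lower().startswith("http://"):
        return target[7:]                # absolute-form target (proxy style)
    host = HOST_HEADER.search(payload)
    if not host:
        return None                      # no Host header in this segment
    name = host.group(1).decode("latin-1").strip().lower()
    host_only, _, port = name.rpartition(":")
    if host_only and port.isdigit():
        name = host_only                 # drop an explicit port before matching
    return name + target


def verdict(payload: bytes) -> str:
    """'block' when the request URL matches a list pattern, else 'pass'."""
    url = extract_url(payload)
    if url is None:
        return "pass"
    return "block" if any(p.search(url) for p in COMPILED) else "pass"
```

Only cleartext HTTP exposes the request line and Host header to a passive mirror port, so requests inside TLS sessions fall through as "pass" here.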

Solution 1: Session Hijacking
[Sequence diagram between Client, Filtering and Server. Labels: SYN J; SYN K, ACK J+1; ACK K+1; FIN L; Data (request); Data (reply); Packet will be ignored; Faked FIN by Filtering Engine]

Solution 1: Session Hijacking
[Sequence diagrams between Client, Filtering and Server. Labels: FIN L; Data (request); Data (reply)]
- Successful filtering: ACK L+1; Faked FIN; FIN M ignored
- Unsuccessful filtering: ACK M+1; FIN L; Faked FIN

Solution 1: A Closer Look at Hijacking
Success Condition:
  t3 < t4
  t3 - t0 < t4 - t0
  t3 - t1 < RTT
From our measurement, t3 - t1 is less than 0.6 milliseconds. The average of t3 - t1 is about 0.2*RTT.

Solution 2: Traffic Flows
[Diagram: Campus Network, Gateway, Internet, Phishing Site, Phishing Site Detection and Blocking Engine, with numbered steps 1 to 4]

Solution 2: Structure
[Diagram of the Phishing Site Detection and Blocking Engine. Labels: Communicator; Content Analyzer; Internet mirror traffic (outgoing); Content pattern; Regular Expression; content matching; Firewall; Phishing site blocking]

Solution 2: Phishing site pattern

Solution 2: Procedure
[Diagram: Campus Network, Gateway, Firewall, Internet, Phishing Site, Phishing Site Detection and Blocking Engine, Phishing Content Lists. Numbered steps 1 to 5 with the labels GET, Reply, search, Matching, block, Reply X]

Current Deployment: Structure
[Diagram labels: Uninet; Thaisarn; OCS; KU firewall; Phishing Site Detection Engine; Ethernet 10 Gbps; WebScreen Agent; Ethernet 1 Gbps]
- CPU: 2x Dual Core Xeon 3.0 GHz
- RAM: 1 GB
- HD: SATA 1 TB

Current Deployment: Testing
[Diagram labels: Uninet; Thaisarn; OCS; KU firewall]
- Google phishing site detection
- Used “About Google” key word

Future Work
- Use pictures, such as logos, for detection
- Use AI to classify phishing sites

Q&A

Thank You