1 Automatic Phishing Site Detection and Blocking
Surachai CHITPINITYON, Kasom KOHT-ARSA, Surasak SANGUANPONG, Anan Phonphoem
Office of Computer Services, Kasetsart University
E-mail: Surachai.Ch@ku.ac.th
APAN 2008, Hawaii, 23 January 2008
This work is partially supported by Commission of Higher Education (CHE), UniNET, Thailand

2 Network Operation Center, Kasetsart University, Office of Computer Services
Agenda
- What is Phishing?
- Why Phishing Site Detection and Blocking are needed?
- Phishing Site Detection Techniques
- Proposed Solution: Detection and Blocking Techniques
- Current Deployment
- Future Work

4 What is Phishing?
- An attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details
- We concentrate only on detecting and blocking phishing sites inside the campus network

6 Why Phishing Site Detection and Blocking are needed?
- Steal consumers' personal identity data
- Financial account credentials

8 Phishing Site Detection Techniques
- E-mail Detection at Mail Gateway
- https://signin.ebay.com

10 Detection and Blocking Techniques
- Solution 1: Detection: Phishing Site URL. Blocking: URL filtering techniques
- Solution 2: Detection: Phishing Site Content. Blocking: Firewall

11 Solution 1: Traffic Flows
[Diagram labels: Campus Network; Gateway; Internet; Phishing Site; Phishing Site Detection and Blocking Engine]

12 Solution 1: Structure
Phishing Site Detection and Blocking Engine:
- Communicator: Internet mirror traffic (incoming)
- URL Analyzer: URL pattern, Regular Expression URL matching
- Session Controller: TCP Termination, Phishing site blocking

13 Solution 1: Procedure
[Diagram labels: Campus Network; Gateway; Internet; Phishing Site; Phishing Site Detection and Blocking Engine; Phishing URL Lists; numbered steps 1 to 5: GET, search, Matching, FIN]

14 Solution 1: Session Hijacking
[Sequence diagram, Client / Filtering / Server: SYN J; SYN K, ACK J+1; ACK K+1; Data (request); Faked FIN by Filtering Engine (FIN L); Data (reply): packet will be ignored]

15 Solution 1: Session Hijacking
[Sequence diagram, Client / Filtering / Server]
- Successful filtering: Data (request); Faked FIN (FIN L); ACK L+1; Data (reply)
- Unsuccessful filtering: FIN M; ACK M+1; Faked FIN (FIN L) ignored

16 Solution 1: A Closer Look at Hijacking
- t3 < t4
- t3 - t0 < t4 - t0
- Success condition: t3 - t1 < RTT
- From our measurement, t3 - t1 is less than 0.6 milliseconds. The average of t3 - t1 is about 0.2*RTT.

17 Solution 2: Traffic Flows
[Diagram labels: Campus Network; Gateway; Internet; Phishing Site; Phishing Site Detection and Blocking Engine; numbered steps 1 to 4]

18 Solution 2: Structure
Phishing Site Detection and Blocking Engine:
- Communicator: Internet mirror traffic (outgoing)
- Content Analyzer: Content pattern, Regular Expression content matching
- Firewall: Phishing site blocking

19 Solution 2: Phishing site pattern

20 Solution 2: Procedure
[Diagram labels: Campus Network; Gateway; Firewall; Internet; Phishing Site; Phishing Site Detection and Blocking Engine; Phishing Content Lists; numbered steps 1 to 5: GET, Reply, search, Matching, block, Reply X]
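The matching steps of Solution 1 (URL Analyzer on mirrored incoming requests) and Solution 2 (Content Analyzer on mirrored outgoing replies), as an added example that is not the authors' code. The pattern lists and host names are constructed for illustration; only the "About Google" keyword and the signin.ebay.com name come from the slides.

```python
import re
from urllib.parse import unquote

# Constructed pattern lists (assumption: the deployment's real lists are not on the slides).
URL_PATTERNS = [
    # A brand host name appearing inside the path of some other host.
    re.compile(r"^[^/]+/.*signin\.ebay\.com", re.I),
]
CONTENT_PATTERNS = [
    # Keyword used in the deployment test slide.
    re.compile(r"About\s+Google", re.I),
]

def request_url(payload: bytes):
    """Rebuild 'host/path' from a mirrored HTTP request; None if it is not a GET."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "GET":
        return None
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower().rstrip(".")
    # Decode percent-escapes so %2E-style encoding cannot dodge the patterns.
    return host + unquote(parts[1])

def solution1_action(payload: bytes) -> str:
    """URL Analyzer: 'terminate' hands the session to the Session Controller."""
    url = request_url(payload)
    if url and any(p.search(url) for p in URL_PATTERNS):
        return "terminate"
    return "pass"

def solution2_action(reply_body: bytes) -> str:
    """Content Analyzer: 'block' asks the firewall to block the serving site."""
    text = reply_body.decode("latin-1")
    if any(p.search(text) for p in CONTENT_PATTERNS):
        return "block"
    return "pass"

# Constructed sample traffic.
PHISH_GET = (b"GET /~user01/signin%2Eebay%2Ecom/index.html HTTP/1.1\r\n"
             b"Host: WWW.Campus.Example\r\n\r\n")
BENIGN_GET = b"GET /index.html HTTP/1.1\r\nHost: signin.ebay.com\r\n\r\n"
```

Matching on the decoded, lower-cased host plus path matters because the engine sees raw bytes from the mirror port, not a browser-normalized URL.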

22 Current Deployment: Structure
[Diagram labels: Uninet; Thaisarn; OCS; KU firewall; Phishing Site Detection Engine; Ethernet 10 Gbps; CPU: 2x Dual Core Xeon 3.0 GHz; RAM: 1 GB; HD: SATA 1 TB; WebScreen Agent; Ethernet 1 Gbps]

23 Current Deployment: Testing
[Diagram labels: Uninet; Thaisarn; OCS; KU firewall]
- Google phishing site detection
- Used "About Google" keyword

25 Future Work
- Use pictures, such as logos, for detection
- Use AI to classify phishing sites

26 Q&A

27 Thank You

