Anti-Phishing in Offense and Defense

12 years 6 months ago
Anti-Phishing in Offense and Defense
Many anti-phishing mechanisms currently focus on helping users verify whether a web site is genuine. However, usability studies have demonstrated that prevention-based approaches alone fail to effectively suppress phishing attacks and protect Internet users from revealing their credentials to phishing sites. In this paper, instead of preventing human users from “biting the bait”, we propose a new approach to protect against phishing attacks with “bogus bites”. We develop BogusBiter, a unique client-side antiphishing tool, which transparently feeds a relatively large number of bogus credentials into a suspected phishing site. BogusBiter conceals a victim’s real credential among bogus credentials, and moreover, it enables a legitimate web site to identify stolen credentials in a timely manner. Leveraging the power of client-side automatic phishing detection techniques, BogusBiter is complementary to existing preventive anti-phishing approaches. We implement BogusBiter as an ex...
Chuan Yue, Haining Wang
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2008
Authors Chuan Yue, Haining Wang
Comments (0)