Part of the book series: IFIP Advances in Information and Communication Technology (IFIPAICT, volume 297)
Abstract
We present and analyze a design of a filtering system to block email phishing messages, combining reputation, authentication and classification mechanisms. We present a simple economic model and analysis, showing sufficient conditions on the precision of the content classifier to make phishing unprofitable.
Author information
Authors and Affiliations
Computer Science Department, Bar Ilan University, Ramat Gan, 52900, Israel
Amir Herzberg
Editor information
Editors and Affiliations
Information Security and Infrastructure Protection Research Group, Dept. of Informatics, Athens University of Economics and Business, 76 Patission Ave., P.O. Box, GR-10434, Athens, Greece
Dimitris Gritzalis
Computer Science Department, E.T.S.I. Informatica, University of Malaga, Campus Teatinos, 29071, Malaga, Spain
Javier Lopez
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Herzberg, A. (2009). Combining Authentication, Reputation and Classification to Make Phishing Unprofitable. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0
eBook Packages: Computer Science, Computer Science (R0)