A Multistage Framework to Defend Against Phishing Attacks

Madhusudhanan Chandrasekaran (SUNY at Buffalo, USA) and Shambhu Upadhyaya (State University of New York, USA)
DOI: 10.4018/978-1-60566-132-2.ch011
Phishing scams pose a serious threat to end-users and commercial institutions alike. E-mail continues to be the favorite vehicle to perpetrate such scams, mainly due to its widespread use combined with the ease with which it can be spoofed. Several approaches, both generic and specialized, have been proposed to address this growing problem. However, phishing techniques, growing in ingenuity as well as sophistication, render these solutions weak. To overcome these limitations, we propose a multistage framework: the first stage aims at detecting phishing e-mails based on their semantic and structural properties, whereas in the second stage we propose a proactive challenge-response technique to establish the authenticity of a Web site. Using live e-mail data, we demonstrate that our approach with these two stages is able to detect a wider range of phishing attacks than existing schemes. Our performance analysis also shows that the implementation overhead introduced by our tool is negligibly small.
Chapter Preview

Phishing is a form of Web-based attack in which attackers employ deceit and social engineering to defraud users of private and confidential information such as passwords, credit card numbers, social security numbers (SSNs), and bank account numbers. As the Internet becomes the de facto medium for online banking and trade, phishing attacks are gaining notoriety, especially amongst hacker communities. Anonymity over the Internet, coupled with the potential for large financial gains, serves as strong motivation for attackers to perpetrate such seemingly low-risk, yet high-return scams. The first recorded mention of phishing attacks was in AOL forums (“Phishing - Wikipedia,”), where attackers posing as system administrators tricked registered users into disclosing their account information. Since then, phishing attacks, growing in sophistication and ingenuity, have affected millions of users and caused heavy monetary damage. For example, in the year 2006 alone, phishing attacks cost $2.8 billion in losses to consumers and commercial organizations worldwide (Gartner Press Release, 2006).

Due to its widespread adoption and the ease with which it can be spoofed, email continues to be the favorite vehicle to perpetrate such scams. Email-based phishing attacks are usually carried out as a three-step process: (i) in the first step, phishers harvest the email addresses of potential victims from Web pages, online forums, and other social engineering mechanisms; (ii) in the second step, a large volume of specially crafted emails appearing to originate from legitimate domains is dispatched to the harvested list using open SMTP servers and compromised machines. These emails contain hyperlinks that redirect users to a fake Web site similar in appearance to the legitimate one; (iii) finally, account details and other personal information are collected from users who unsuspectingly enter them into the fake Web site, believing it to be legitimate. Like other social engineering attacks, phishing depends for its success on users’ lack of system knowledge. Phishers adopt a variety of visual deception agents to imitate the legitimate Web site’s look-and-feel (Drake, Oliver, & Koontz, 2004). The mimicry of a legitimate Web site is usually achieved by spoofing URLs with non-ASCII Unicode characters, using customized images to mask fake URLs, and embedding the fake Web site within images that resemble a browser window. Recent studies (Dhamija, Tygar, & Hearst, 2006) show that naïve users are unable to identify common browser-based cues such as the address bar, status bar, SSL certificates, and toolbar indicators, and often fall prey to such imitation sites.

Until recently, anti-spam techniques were employed to detect phishing emails. However, because phishing emails closely resemble their legitimate counterparts, they do not share the features typical of spam emails. Also, a vast number of readily available tools can bypass both statistical and rule-based spam filters. Several browser extensions and plug-ins have been proposed to detect phishing attacks. Although these techniques act as a first line of defense, they suffer from many limitations. First, as these approaches operate on the fake Web site, they take users a step closer to the attack, leaving little leeway for suspicion. Second, most of the existing defense mechanisms are not automated and delegate the onus of decision making onto the users. Third, as these tools treat the authenticity of the IP address as an important classification criterion, they fail to protect against attacks launched within the realm of a legitimate domain. For example, an attacker could compromise a Web server and launch phishing pages from the domain itself.

Key Terms in this Chapter

Context Models: Context models encapsulate the messages conveyed in phishers’ emails to lure potential victims to the fake Web sites. Phishers usually employ some kind of threat, fake reward, or false pretext in their email message to trick the users.

Phishing Email Structural Properties: Phishing email structural properties are the set of invariant features present in most, if not all, phishing emails. These invariant features are mostly the visual deception agents employed by the phisher to trick users. They also help in building discriminators that are accurate and less prone to false positives.

Challenge-Response Analysis: Challenge-response analysis is an authentication mechanism in which one or both of the communicating parties adhere to a pre-agreed protocol for verifying their identities. The party that wishes to prove its identity must provide the correct response to a challenge posed by the party with which it wishes to communicate.

Email / Web site Spoofing: Email/Web site spoofing is the process by which the look-and-feel and behavior of fake Web sites or emails are forged to mimic their legitimate counterparts.

Linear Binary Classification: The process of separating a set of m examples {(x_1, y_1), …, (x_m, y_m)} into two regions by a hyperplane parameterized by a weight vector w and bias b such that y_i (x_i · w + b) > 0 for all i = 1, …, m. Such a hyperplane is called a separating hyperplane.
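As an added illustration, not code from the chapter, of the separating-hyperplane condition above applied to the structural email properties defined earlier: a perceptron learns (w, b) over a constructed training set of binary features and the result is checked against y_i (x_i · w + b) > 0 for every example. The feature names and the training rows are assumptions made for this example.

```python
# Added example, not from the chapter: learn a separating hyperplane (w, b)
# over binary structural features of emails and verify the chapter's condition
# y_i (x_i . w + b) > 0 on every training example. Feature names and rows are
# constructed assumptions for illustration.
FEATURES = [
    "link_text_differs_from_href",  # visible URL text differs from real href
    "ip_address_in_url",            # raw IP address instead of a hostname
    "non_ascii_in_url",             # Unicode look-alike characters in the URL
    "image_masked_link",            # hyperlink hidden behind an image
    "urgent_threat_phrase",         # "account will be suspended" wording
]

# Constructed training set: (x_i, y_i), y_i = +1 phishing, -1 legitimate.
TRAINING_SET = [
    ([1, 1, 0, 0, 1], 1),
    ([1, 0, 1, 1, 0], 1),
    ([0, 1, 0, 1, 1], 1),
    ([1, 0, 0, 0, 1], 1),
    ([0, 0, 0, 0, 0], -1),
    ([0, 0, 0, 1, 0], -1),  # newsletter with an image banner link
    ([1, 0, 0, 0, 0], -1),  # tracking redirect in a legitimate mailing
    ([0, 0, 0, 0, 1], -1),  # genuine "password expires soon" notice
]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def is_separating(w, b, data):
    """True iff y_i (x_i . w + b) > 0 holds for every (x_i, y_i) in data."""
    return all(y * (dot(x, w) + b) > 0 for x, y in data)

def train_perceptron(data, max_epochs=1000):
    """Rosenblatt perceptron: sweep the data, nudging (w, b) toward each
    misclassified example, until no example violates the condition."""
    w, b = [0.0] * len(data[0][0]), 0.0
    for _ in range(max_epochs):
        mistakes = 0
        for x, y in data:
            if y * (dot(x, w) + b) <= 0:  # wrong side of, or on, the plane
                w = [wi + y * xi for wi, xi in zip(w, x)]
                b += y
                mistakes += 1
        if mistakes == 0:
            return w, b
    raise ValueError("no separating hyperplane found within the epoch budget")

def classify(w, b, x):
    """Label an unseen feature vector with the learned hyperplane."""
    return 1 if dot(x, w) + b > 0 else -1
```

Note that a single feature such as an urgent phrase or an image link also appears in the legitimate rows; the learned hyperplane separates the classes only through the combination of features, which is the point of using invariant structural properties together rather than any one cue alone.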

Feature Selection: Feature selection is the process of selecting a subset of relevant features so that the net performance of the underlying classifier is increased. Feature selection helps to minimize the presence of “noise” that adversely affects model building.

Phishing: Phishing is a form of Web based identity theft where attackers employ deceit and social engineering to defraud users of their private and confidential information such as password, credit card number, social security number (SSN), and bank account number.
