CLIENT-SIDE DEFENSE AGAINST PHISHING WITH PAGESAFE

Abstract

Everyday, a number of attacks are launched with the aim of making web users believe that they are communicating with a trusted entity for the purpose of stealing account information, logon credentials, and identity information in general. These attacks, commonly known as "phishing attacks," are most commonly initiated by sending out emails with links to spoofed websites that harvest information. Many anti-phishing schemes have recently been proposed in literature. Despite all those efforts, the threat of phishing attacks is not mitigated. Blacklist approaches where a list of phishing URLs is maintained by anti-phishing organizations, are partially effective. These schemes require the blacklist provider organizations to be much faster than phishers and effectiveness is based on the quality of blacklist otherwise phishing attack can cause damage. Another approach is to preserve secret information but to keep their private information could be irritating works for users. The effectiveness of private information preserving approaches is totally dependent on users. Solutions based on automatic classification have problems of false negatives and false positives. This dissertation proposes PageSafe — an anti-phishing tool that prevents accesses to phishing sites through URL validation and also detects DNS poisoning attacks. PageSafe also examines the anomalies in web pages and uses a machine learning approach for automatic classification. PageSafe does not preserve any secret information and requires very less input from user. PageSafe performs automatic classification but by taking advantage of user assistance and external repositories, hence the number of false positives is reduced by a significant value. PageSafe is based on an approach opposite to blacklist approach removing the race between phishers and anti-phishing organizations. PageSafe maintains a whitelist of URLs with the mapping of corresponding IPs. This list is referenced first for resolving JP of a URL to protect user from DNS poisoning attacks. With PageSafe users help to decide whether or not a web page is legitimate. This report also presents an analysis on effectiveness of PageSafe based on an experiment done on a set of phishing pages and compares PageSafe with other available browser toolbars.