Your browser does not support JavaScript!
http://iet.metastore.ingenta.com
1887

Detecting DNS-poisoning-based phishing attacks from their network performance characteristics

Detecting DNS-poisoning-based phishing attacks from their network performance characteristics

For access to this article, please select a purchase option:

Buy article PDF
£12.50
(plus tax if applicable)
Add to cart
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)
Add to cart

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
Electronics Letters — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

  • Author(s): H. Kim 1  and  J.H. Huh 2
    • View affiliations
    • Affiliations: 1: Computer Laboratory, University of Cambridge, Cambridge, United Kingdom
      2: Information Trust Institute, University of Illinois at Urbana–Champaign, USA
  • Source: Volume 47, Issue 11, 26 May 2011, p. 656 – 658
    DOI:  10.1049/el.2011.0399 , Print ISSN 0013-5194, Online ISSN 1350-911X
© The Institution of Engineering and Technology
Published

Most of the existing phishing detection techniques are weak against domain name system (DNS)-poisoning-based phishing attacks. Proposed is a highly effective method for detecting such attacks: the network performance characteristics of websites are used for classification. To demonstrate how useful the approach is, the performance of four classification algorithms are explored: linear discriminant analysis, naïve Bayesian, K-nearest neighbour, and support vector machine. Over 10 000 real-world items of routing information have been observed during a one-week period. The experimental results show that the best-performing classification method – which uses the K-nearest neighbour algorithm – is capable of achieving a true positive rate of 99.4% and a false positive rate of 0.7%.

Inspec keywords: Web sites; computer network performance evaluation; support vector machines; computer network security; belief networks; pattern classification

Other keywords: k-nearest neighbour; naive Bayesian; linear discriminant analysis; Websites; classification algorithms; network performance characteristics; domain name system poisoning based phishing attacks; support vector machine

Subjects: Computer network performance; Computer networks and techniques; Data security; Computer communications; Knowledge engineering techniques

References

    1. 1)
      • Zhang, Y., Hong, J.I., Cranor, L.F.: `Cantina: a content-based approach to detecting phishing web sites', WWW '07: Proc. 16th Int. Conf. on World Wide Web, 2007, New York, NY, USA, p. 639–648.
    2. 2)
      • R.O. Duda , P.E. Hart , D.G. Stork . Pattern classification.
    3. 3)
      • Xiang, G., Hong, J.I.: `A hybrid phish detection approach by identity discovery and keywords retrieval', WWW '09: Proc. 18th ACM Int. Conf. on World Wide Web, 2009, New York, NY, USA, p. 571–580.
    4. 4)
      • Padmanabhan, V.N., Subramanian, L.: `An investigation of geographic mapping techniques for internet hosts', SIGCOMM '01: Proc. ACM 2001 Conf. on Applications, Technologies, Architectures, and Protocols for Computer Communications, 2001, New York, NY, USA, p. 173–185.
    5. 5)
      • S. Abu-Nimeh , S. Nair . Circumventing security toolbars and phishing filters via rogue wireless access points. Wirel. Commun. Mobile Comput. , 1128 - 1139
http://iet.metastore.ingenta.com/content/journals/10.1049/el.2011.0399
Loading

Related content

content/journals/10.1049/el.2011.0399
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
Print this page
This is a required field
Please enter a valid email address