A novel anti-phishing framework based on honeypots

Thumbnail Image
Files
Li_2_APWG_eCRS2009.pdf(4.46 MB)
Date
2009
Authors
Schmitz, Roland
Editors
Contact
Journal ISSN
Electronic ISSN
ISBN
Bibliographical data
Publisher
Series
URI (citable link)
urn:nbn:de:bsz:352-opus-127233
DOI (citable link)
10.1109/ECRIME.2009.5342609
ArXiv-ID
International patent number
Link to the license
In Copyright
EU project number
Project
Open Access publication
Collections
Informatik und Informationswissenschaft
Zukunftskolleg
Restricted until
Title in another language
Research Projects
Organizational Units
Journal Issue
Publication type
Contribution to a conference collection
Publication status
Published in
2009 eCrime Researchers Summit. - IEEE, 2009. - pp. 1-13. - ISBN 978-1-4244-4625-4
Abstract
As a powerful anti-phishing tool, honeypots have been widely used by security service providers and financial institutes to collect phishing mails, so that new phishing sites can be earlier detected and quickly shut down. Another popular use of honeypots is to collect useful information about phishers' activities, which is used to make various kinds of statistics for the purposes of research and forensics. Recently, it has also been proposed to actively feed phishers with honeytokens. In the present paper, we discuss some problems of existing anti-phishing solutions based on honeypots. We propose to overcome these problems by transforming the real e-banking system itself into a honeypot equipped with honeytokens and supported by some other kinds of honeypots. A phishing detector is used to automatically detect suspicious phishers' attempts of stealing money from victims' accounts, and then ask for the potential victims' reconfirmation. This leads to a novel anti-phishing framework based on honeypots. As an indispensable part of the framework, we also propose to use phoneybots, i.e., active honeypots running in virtual machines and mimicking real users' behavior to access the real e-banking system automatically, in order to submit honeytokens to pharmers and phishing malware. The involvement of phoneybots is crucial to fight against advanced phishing attacks such as pharming and malware-based phishing attacks.
Summary in another language
Subject (DDC)
004 Computer Science
Keywords
phishing,honeypot,honeytoken,phoneypot,phoneytoken,phoneybot,online banking,money mule
Conference
2009 eCrime Researchers Summit (eCRIME), Sep 20, 2009 - Oct 21, 2009, Tacoma, WA, USA
Review
undefined / . - undefined, undefined. - (undefined; undefined)
Cite This
ISO 690LI, Shujun, Roland SCHMITZ, 2009. A novel anti-phishing framework based on honeypots. 2009 eCrime Researchers Summit (eCRIME). Tacoma, WA, USA, Sep 20, 2009 - Oct 21, 2009. In: 2009 eCrime Researchers Summit. IEEE, pp. 1-13. ISBN 978-1-4244-4625-4. Available under: doi: 10.1109/ECRIME.2009.5342609
BibTex
@inproceedings{Li2009-10novel-6020,
  year={2009},
  doi={10.1109/ECRIME.2009.5342609},
  title={A novel anti-phishing framework based on honeypots},
  isbn={978-1-4244-4625-4},
  publisher={IEEE},
  booktitle={2009 eCrime Researchers Summit},
  pages={1--13},
  author={Li, Shujun and Schmitz, Roland}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/6020">
    <dcterms:bibliographicCitation>First publ. in: eCrime Researchers Summit, 2009 :  eCRIME '09 , Proceedings of 4th Annual APWG [Oct. 20-21, 2009, Tacoma,Washington]. 	Piscataway, NJ : IEEE, 2009. pp. 1 - 13</dcterms:bibliographicCitation>
    <dc:creator>Schmitz, Roland</dc:creator>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:08:47Z</dcterms:available>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6020/1/Li_2_APWG_eCRS2009.pdf"/>
    <dc:language>eng</dc:language>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6020/1/Li_2_APWG_eCRS2009.pdf"/>
    <dcterms:issued>2009-10</dcterms:issued>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dcterms:title>A novel anti-phishing framework based on honeypots</dcterms:title>
    <dc:contributor>Schmitz, Roland</dc:contributor>
    <dc:contributor>Li, Shujun</dc:contributor>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:08:47Z</dc:date>
    <dc:rights>terms-of-use</dc:rights>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <dcterms:abstract xml:lang="eng">As a powerful anti-phishing tool, honeypots have been widely used by security service providers and financial institutes to collect phishing mails, so that new phishing sites can be earlier detected and quickly shut down. Another popular use of honeypots is to collect useful information about phishers' activities, which is used to make various kinds of statistics for the purposes of research and forensics. Recently, it has also been proposed to actively feed phishers with honeytokens. In the present paper, we discuss some problems of existing anti-phishing solutions based on honeypots. We propose to overcome these problems by transforming the real e-banking system itself into a honeypot equipped with honeytokens and supported by some other kinds of honeypots. A phishing detector is used to automatically detect suspicious phishers' attempts of stealing money from victims' accounts, and then ask for the potential victims' reconfirmation. This leads to a novel anti-phishing framework based on honeypots. As an indispensable part of the framework, we also propose to use phoneybots, i.e., active honeypots running in virtual machines and mimicking real users' behavior to access the real e-banking system automatically, in order to submit honeytokens to pharmers and phishing malware. The involvement of phoneybots is crucial to fight against advanced phishing attacks such as pharming and malware-based phishing attacks.</dcterms:abstract>
    <dc:format>application/pdf</dc:format>
    <dc:creator>Li, Shujun</dc:creator>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/6020"/>
  </rdf:Description>
</rdf:RDF>
Internal note
xmlui.Submission.submit.DescribeStep.inputForms.label.kops_note_fromSubmitter
Contact
URL of original publication
Test date of URL
Examination date of dissertation
Method of financing
Comment on publication
Alliance license
Corresponding Authors der Uni Konstanz vorhanden
International Co-Authors
Bibliography of Konstanz
Yes
Refereed