A novel anti-phishing framework based on honeypots

Lade...
Vorschaubild
Dateien
Li_2_APWG_eCRS2009.pdf
Li_2_APWG_eCRS2009.pdfGröße: 4.46 MBDownloads: 2458
Datum
2009
Autor:innen
Schmitz, Roland
Herausgeber:innen
Kontakt
ISSN der Zeitschrift
Electronic ISSN
ISBN
Bibliografische Daten
Verlag
Schriftenreihe
Auflagebezeichnung
ArXiv-ID
Internationale Patentnummer
Angaben zur Forschungsförderung
Projekt
Open Access-Veröffentlichung
Open Access Green
Core Facility der Universität Konstanz
Gesperrt bis
Titel in einer weiteren Sprache
Publikationstyp
Beitrag zu einem Konferenzband
Publikationsstatus
Published
Erschienen in
2009 eCrime Researchers Summit. IEEE, 2009, pp. 1-13. ISBN 978-1-4244-4625-4. Available under: doi: 10.1109/ECRIME.2009.5342609
Zusammenfassung

As a powerful anti-phishing tool, honeypots have been widely used by security service providers and financial institutes to collect phishing mails, so that new phishing sites can be earlier detected and quickly shut down. Another popular use of honeypots is to collect useful information about phishers' activities, which is used to make various kinds of statistics for the purposes of research and forensics. Recently, it has also been proposed to actively feed phishers with honeytokens. In the present paper, we discuss some problems of existing anti-phishing solutions based on honeypots. We propose to overcome these problems by transforming the real e-banking system itself into a honeypot equipped with honeytokens and supported by some other kinds of honeypots. A phishing detector is used to automatically detect suspicious phishers' attempts of stealing money from victims' accounts, and then ask for the potential victims' reconfirmation. This leads to a novel anti-phishing framework based on honeypots. As an indispensable part of the framework, we also propose to use phoneybots, i.e., active honeypots running in virtual machines and mimicking real users' behavior to access the real e-banking system automatically, in order to submit honeytokens to pharmers and phishing malware. The involvement of phoneybots is crucial to fight against advanced phishing attacks such as pharming and malware-based phishing attacks.

Zusammenfassung in einer weiteren Sprache
Fachgebiet (DDC)
004 Informatik
Schlagwörter
phishing, honeypot, honeytoken, phoneypot, phoneytoken, phoneybot, online banking, money mule
Konferenz
2009 eCrime Researchers Summit (eCRIME), 20. Sept. 2009 - 21. Okt. 2009, Tacoma, WA, USA
Rezension
undefined / . - undefined, undefined
Forschungsvorhaben
Organisationseinheiten
Zeitschriftenheft
Datensätze
Zitieren
ISO 690LI, Shujun, Roland SCHMITZ, 2009. A novel anti-phishing framework based on honeypots. 2009 eCrime Researchers Summit (eCRIME). Tacoma, WA, USA, 20. Sept. 2009 - 21. Okt. 2009. In: 2009 eCrime Researchers Summit. IEEE, 2009, pp. 1-13. ISBN 978-1-4244-4625-4. Available under: doi: 10.1109/ECRIME.2009.5342609
BibTex
@inproceedings{Li2009-10novel-6020,
  year={2009},
  doi={10.1109/ECRIME.2009.5342609},
  title={A novel anti-phishing framework based on honeypots},
  isbn={978-1-4244-4625-4},
  publisher={IEEE},
  booktitle={2009 eCrime Researchers Summit},
  pages={1--13},
  author={Li, Shujun and Schmitz, Roland}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/6020">
    <dcterms:bibliographicCitation>First publ. in: eCrime Researchers Summit, 2009 :  eCRIME '09 , Proceedings of 4th Annual APWG [Oct. 20-21, 2009, Tacoma,Washington]. 	Piscataway, NJ : IEEE, 2009. pp. 1 - 13</dcterms:bibliographicCitation>
    <dc:creator>Schmitz, Roland</dc:creator>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:08:47Z</dcterms:available>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6020/1/Li_2_APWG_eCRS2009.pdf"/>
    <dc:language>eng</dc:language>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6020/1/Li_2_APWG_eCRS2009.pdf"/>
    <dcterms:issued>2009-10</dcterms:issued>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dcterms:title>A novel anti-phishing framework based on honeypots</dcterms:title>
    <dc:contributor>Schmitz, Roland</dc:contributor>
    <dc:contributor>Li, Shujun</dc:contributor>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:08:47Z</dc:date>
    <dc:rights>terms-of-use</dc:rights>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <dcterms:abstract xml:lang="eng">As a powerful anti-phishing tool, honeypots have been widely used by security service providers and financial institutes to collect phishing mails, so that new phishing sites can be earlier detected and quickly shut down. Another popular use of honeypots is to collect useful information about phishers' activities, which is used to make various kinds of statistics for the purposes of research and forensics. Recently, it has also been proposed to actively feed phishers with honeytokens. In the present paper, we discuss some problems of existing anti-phishing solutions based on honeypots. We propose to overcome these problems by transforming the real e-banking system itself into a honeypot equipped with honeytokens and supported by some other kinds of honeypots. A phishing detector is used to automatically detect suspicious phishers' attempts of stealing money from victims' accounts, and then ask for the potential victims' reconfirmation. This leads to a novel anti-phishing framework based on honeypots. As an indispensable part of the framework, we also propose to use phoneybots, i.e., active honeypots running in virtual machines and mimicking real users' behavior to access the real e-banking system automatically, in order to submit honeytokens to pharmers and phishing malware. The involvement of phoneybots is crucial to fight against advanced phishing attacks such as pharming and malware-based phishing attacks.</dcterms:abstract>
    <dc:format>application/pdf</dc:format>
    <dc:creator>Li, Shujun</dc:creator>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/6020"/>
  </rdf:Description>
</rdf:RDF>
Interner Vermerk
xmlui.Submission.submit.DescribeStep.inputForms.label.kops_note_fromSubmitter
Kontakt
URL der Originalveröffentl.
Prüfdatum der URL
Prüfungsdatum der Dissertation
Finanzierungsart
Kommentar zur Publikation
Allianzlizenz
Corresponding Authors der Uni Konstanz vorhanden
Internationale Co-Autor:innen
Universitätsbibliographie
Ja
Begutachtet
Diese Publikation teilen