City University of Hong Kong

CityU Institutional Repository >
3_CityU Electronic Theses and Dissertations >
ETD - Dept. of Computer Science  >
CS - Master of Philosophy  >

Please use this identifier to cite or link to this item:

Title: Phishing target detection
Other Titles: Diao yu wang zhan gong ji mu biao de jian ce
Authors: Qiu, Bite (邱彼特)
Department: Department of Computer Science
Degree: Master of Philosophy
Issue Date: 2010
Publisher: City University of Hong Kong
Subjects: Internet -- Security measures.
Notes: CityU Call Number: TK5105.875.I57 Q25 2010
viii, 64 leaves : ill. 30 cm.
Thesis (M.Phil.)--City University of Hong Kong, 2010.
Includes bibliographical references (leaves 58-63)
Type: thesis
Abstract: Phishing is a growing problem that causes severe consequences of both financial loss and downdrift of internet security trust. Despite the fact that many anti-phishing solutions are developed and adopted to the industry, the phishing problem is not mitigated as we are witnessing an ever growing number of phishing attacks. We found phishing target detection is useful but yet missing from existing anti-phishing solutions. In this thesis, a method for automatically discovering the phishing target of a given suspicious webpage is proposed. The method first finds all associated webpages, which have either direct association relationship or indirect association relationship with the given suspicious webpage, and then finds the so-called "parasitic" community of the given suspicious webpage based on these associated webpages. Finally, the method discovers the phishing target of the given suspicious webpage from within the parasitic community as the one which has sufficiently strong parasitic relationship with the given suspicious webpage. If we can find such phishing target, we can also determine the given suspicious webpage as a phishing webpage. Otherwise, it is treated as a legitimate webpage. We have tested the proposed method thoroughly. The proposed method can achieve a phishing detection accuracy of 99.2%, a phishing target identification accuracy of 92.1%, and a false alarm rate of 0.9%-1.2%. We develop and deploy our method to a web application at Any web users can visit the site and submit a suspicious URL to test whether it is a phishing webpage or not. If it is identified as a phishing URL, our system will also list some possible phishing targets of it. Finally, potential enterprise applications are also discussed.
Online Catalog Link:
Appears in Collections:CS - Master of Philosophy

Files in This Item:

File Description SizeFormat
abstract.html134 BHTMLView/Open
fulltext.html134 BHTMLView/Open

Items in CityU IR are protected by copyright, with all rights reserved, unless otherwise indicated.


Valid XHTML 1.0!
DSpace Software © 2013 CityU Library - Send feedback to Library Systems
Privacy Policy · Copyright · Disclaimer