CityU Institutional Repository >
CityU Electronic Theses and Dissertations >
ETD - Dept. of Computer Science >
CS - Master of Philosophy >
Please use this identifier to cite or link to this item:
|Title: ||Phishing target detection|
|Other Titles: ||Diao yu wang zhan gong ji mu biao de jian ce|
|Authors: ||Qiu, Bite (邱彼特)|
|Department: ||Department of Computer Science|
|Degree: ||Master of Philosophy|
|Issue Date: ||2010|
|Publisher: ||City University of Hong Kong|
|Subjects: ||Internet -- Security measures.|
|Notes: ||CityU Call Number: TK5105.875.I57 Q25 2010|
viii, 64 leaves : ill. 30 cm.
Thesis (M.Phil.)--City University of Hong Kong, 2010.
Includes bibliographical references (leaves 58-63)
|Abstract: ||Phishing is a growing problem that causes severe consequences of both financial loss and
downdrift of internet security trust. Despite the fact that many anti-phishing solutions are
developed and adopted to the industry, the phishing problem is not mitigated as we are
witnessing an ever growing number of phishing attacks.
We found phishing target detection is useful but yet missing from existing anti-phishing
solutions. In this thesis, a method for automatically discovering the phishing target of a given
suspicious webpage is proposed. The method first finds all associated webpages, which have
either direct association relationship or indirect association relationship with the given
suspicious webpage, and then finds the so-called "parasitic" community of the given
suspicious webpage based on these associated webpages. Finally, the method discovers the
phishing target of the given suspicious webpage from within the parasitic community as the
one which has sufficiently strong parasitic relationship with the given suspicious webpage. If
we can find such phishing target, we can also determine the given suspicious webpage as a
phishing webpage. Otherwise, it is treated as a legitimate webpage.
We have tested the proposed method thoroughly. The proposed method can achieve a
phishing detection accuracy of 99.2%, a phishing target identification accuracy of 92.1%, and
a false alarm rate of 0.9%-1.2%.
We develop and deploy our method to a web application at www.SiteWatcher.cn. Any
web users can visit the site and submit a suspicious URL to test whether it is a phishing
webpage or not. If it is identified as a phishing URL, our system will also list some possible
phishing targets of it. Finally, potential enterprise applications are also discussed.|
|Online Catalog Link: ||http://lib.cityu.edu.hk/record=b3947806|
|Appears in Collections:||CS - Master of Philosophy |
Items in CityU IR are protected by copyright, with all rights reserved, unless otherwise indicated.