Monitoramento e Identificação de Páginas de Phishing

  • Heitor Damasceno UFMG
  • Vitor Freire UFSJ
  • Welton Santos UFSJ
  • Elverton Fazzion UFSJ / NIC.br
  • Osvaldo Fonseca UFMG
  • Ítalo Cunha UFMG
  • Cristine Hoepers NIC.br
  • Klaus Steding-Jessen NIC.br
  • Marcelo H. P. C. Chaves NIC.br
  • Dorgival Guedes UFMG
  • Wagner Meira Jr. UFMG

Resumo


Campanhas de phishing frequentemente utilizam páginas Web que imitam páginas legítimas para enganar as vítimas. Apesar dos esforços da comunidade científica em combater essa atividade, o phishing fica cada vez mais sofisticado e continua fazendo vítimas. Neste artigo apresentamos um novo arcabouço de monitoramento de páginas de phishing que combina técnicas que proveem escalabilidade e efetividade. Também estudamos os compromissos existentes na complexa tarefa de construir modelos para identificar páginas de phishing. Mostramos que bases de dados representativas e atributos do conteúdo das páginas são cruciais para construir modelos gerais. Nosso arcabouço de monitoramento e identificação de páginas de phishing foi aplicado a centenas de milhares de e-mails diários, identificando uma centena de páginas de phishing, uma redução de três ordens de magnitude, e serve também de ponto de partida para direcionar esforços futuros de combate ao phishing.

Referências

Chiew, K., Tan, C. L., Wong, K., Yong, K., and Tiong, W. (2019). A new hybrid ensemble feature selection framework for machine learning-based phishing detection system. Information Sciences, 484:153–166.

Cisco Systems (2019). Email: Click with Caution. Technical report.

Gowda, T. and Mattmann, C. A. (2016). Clustering Web Pages Based on Structure and Style Similarity (Application Paper). In Proc. of IEEE International Conference on Information Reuse and Integration.

Gowtham, R. and Krishnamurthi, I. (2014). A Comprehensive and Efcacious Architecture for Detecting Phishing Webpages. Computers & Security, 40:23–37.

Gupta, B. B., Arachchilage, N., and Psannis, K. (2017). Defending against Phishing Attacks: Taxonomy of Methods, Current Issues and Future Directions. Telecommunication Systems, 67(2):247–267.

Han, Y. and Shen, Y. (2016). Accurate Spear Phishing Campaign Attribution and Early Detection. In Proc of. ACM Symposium on Applied Computing.

Ho, ., Cidon, A., Gavish, L., Schweighauser, M., Paxson, V., Savage, S., Voelker, G. M., and Wagner, D. (2019). Detecting and Characterizing Lateral Phishing at Scale. In Proc. of USENIX Security Symposium.

Jain, A. and Gupta, B. B. (2017). Towards detection of phishing websites on client-side using machine learning based approach. Telecommunication Systems, 68(04):687–700.

Jain, A. and Gupta, B. B. (2018). A machine learning based approach for phishing detection using hyperlinks information. Journal of Ambient Intelligence and Humanized Computing, 10(5):2015–2028.

Koetsier, J. (2020). Scammers Send 3.1 Billion Domain Spoong Emails A Day. Here’s How To Protect Yourself (And Your Company).

Konte, M., Perdisci, R., and Feamster, N. (2015). ASwatch: An AS Reputation System to Expose Bulletproof Hosting ASes. In Proc. of ACM Conference on Special Interest Group on Data Communication.

Krämer, L., Krupp, J., Makita, D., Nishizoe, T., Koide, T., Yoshioka, K., and Rossow, C. (2015). AmpPot: Monitoring and Defending Against Amplication DDoS Attacks.

In Proc. of RAID International Symposium on Research in Attacks, Intrusions, and Defenses.

Li, Y., Chen, X., Yuan, H., and Liu, W. (2018). A stacking model using URL and HTML features for phishing webpage detection. Future Generation Computer Systems, 94:27–39.

Mason, J. (2002). Filtering spam with SpamAssassin. In HEANet Annual Conference.

Mohammad, R. (2013). Predicting Phishing Websites based on Self-Structuring Neural Network. Neural Computing and Applications, 25(2):443–458.

Mohammad, R., Thabtah, F., and Mccluskey, T. (2012). An assessment of features related In Proc. of IEEE International to phishing websites using an automated technique. Conference for Internet Technology and Secured Transactions.

Park, A. J., Quadari, R. N., and Tsang, H. H. (2017). Phishing website detection framework through web scraping and data mining. In Proc. of IEEE Information Technology, Electronics and Mobile Communication Conference.

Rao, R. and Pais, A. (2018). Detection of Phishing Websites Using an Efcient Featurebased Machine Learning Framework. Neural Comp. and Applic., 31(8):3851–3873. Sahingoz, O. K., Buber, E., Demir, Ö., and Diri, B. (2019). Machine learning based phishing detection from URLs. Expert Syst. Appl., 117:345–357.

Sameen, M., Han, K., and Hwang, S. (2020). PhishHaven -An Efcient Real-Time AI Phishing URLs Detection System. IEEE Access, 8:83425–83443.

Santos, W., Fazzion, E., Fonseca, O., Cunha, I., Chaves, M., Hoepers, C., Steding-Jessen, K., Guedes, D., and jr, W. M. (2019). Uma Metodologia para Agrupamento e Extração de Informações de URLs de Phishing. In Proc. of Brazilian Symposium on Information and Computational Systems Security (SBSeg).

Shirazi, H., Bezawada, B., and Ray, I. (2018). “Kn0w Thy Doma1n Name”: Unbiased Phishing Detection Using Domain Name Based Features. In Proc. of Symposium on Access Control Models and Technologies.

Spamhaus (2021). https://www.spamhaus.org/.

Steding-Jessen, K., Vijaykumar, N., and Montes, A. (2008). Using Low-Interaction Honeypots to Study the Abuse of Open Proxies to Send Spam. Journal of Computer Science, 7(1):44–52.

Symantec (2019). Internet Security Threat Report. Technical report.

Xiang, G., Hong, J., Rose, C. P., and Cranor, L. (2011). CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites. Transaction on Information System Security, 14(2):21:1–21:28.

Zhang, W., Jiang, Q., Chen, L., and Li, C. (2016). Two-stage ELM for phishing Web pages detection using hybrid features. World Wide Web, 20(4):797–813.
Publicado
16/08/2021
Como Citar

Selecione um Formato
DAMASCENO, Heitor et al. Monitoramento e Identificação de Páginas de Phishing. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 39. , 2021, Uberlândia. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021 . p. 378-391. ISSN 2177-9384.

Artigos mais lidos do(s) mesmo(s) autor(es)