Anti-Phishing Software

Presented by: Aaron Smalls, Michelle Mature, Devin Biggers

Overview
  • Background
  • Research
  • Motivation
  • Our Project Outline
  • Raw Data + Calculations
  • Analysis of our work
  • Conclusions
  • Future Work
  • Reference
Background
  • What is phishing?
    • Phishing is a form of online information or identity theft whose purpose is to acquire sensitive information such as online banking credentials or credit card information from individuals
    • Entices users to involuntarily and unknowingly provide sensitive information for the attacker's personal gain
Research

Looked at an experiment from the article "Why Phishing Works"

  • 22 participants
  • 7 legit sites, 9 already known phishing, 3 newly phishing
  •  Purpose of experiment explained to everyone
  •  90% of users fooled by well designed phishing
  •  Results:
    • Browser alerts = ineffective
    • Pop ups about fraud = inefficient
    •  25% not familiar with anti-phishing software
    •  age, sex, experience, hours on comp, highest level of education = no advantages
Motivation
  • #1 misjudged phishing site was said to be legit "based on content of the page and detail in design."
  • From Jan 1 - June 30, 2009 there were over 55,000 phishing attacks according to the Anti-Phishing Working Group
  • We realize that we can't rely on users alone to distinguish between phishing and legitimate sites
  • People don't realize how much profit can come from a convincing phishing site
Our Project Outline
  • We decided to test 6 FREE anti-phishing software tools available online
  • Made a spreadsheet of 500 legit/phishing sites
  • Ran each tool on each site to see if it is detected as a phishing site
  • Wrote down results for each tool for each site
  • Anti-Phishing Tools used:
    •  AVG, IE SmartGuard, NetCraft, Comodo Verification Engine, SpoofStick, McAfee SiteAdvisor
  • Compiled results into the following categories for each tool:
    • Banking, E-Commerce, E-mail, Entertainment, Gaming, Government, Hotel, Social Networking, Messenger, Other
Raw Data + Calculations
  • Initial Results Spreadsheet
  •  Example Analysis on SpoofStick taken from banking category
Analysis of Results
  • None of the 6 tools showed any signs of false positives (saying it's a phishing site but it is not)
  • How we decided on best tool for each category:
    • greatest % verifying legit sites (not including unsure)
    • least % of false negatives
  •  Best tool by category:
    • Banking: NetCraft - all legit verified, 8% false negative, 131 sites
    • E-commerce: NetCraft - all legit verified, 2% false negative
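
The scoring behind these per-category picks can be reproduced from a results spreadsheet. The following is an added example, not the presenters' code or data: the tool names and counts are constructed, and it assumes that a phishing site left as "unsure" counts as a false negative and that tools are ranked by legit-verified rate first, then by lowest false-negative rate.

```python
from collections import defaultdict

def expand(category, tool, truth, verdict_counts):
    """Build one (category, tool, truth, verdict) record per tested site."""
    return [(category, tool, truth, v)
            for v, n in verdict_counts.items() for _ in range(n)]

# Constructed sample results, not the presenters' spreadsheet. ToolA/B/C are
# placeholder names. A verdict is "phishing", "legit" or "unsure".
OBSERVATIONS = (
    expand("Banking", "ToolA", "legit", {"legit": 2})
    + expand("Banking", "ToolA", "phishing", {"phishing": 3, "legit": 1})
    + expand("Banking", "ToolB", "legit", {"legit": 1, "unsure": 1})
    + expand("Banking", "ToolB", "phishing", {"phishing": 4})
    + expand("Banking", "ToolC", "legit", {"unsure": 2})
    + expand("Banking", "ToolC", "phishing", {"unsure": 4})
)

def score(observations):
    """Return {(category, tool): rates} for each tool in each category."""
    counts = defaultdict(lambda: defaultdict(int))
    for category, tool, truth, verdict in observations:
        counts[(category, tool)][(truth, verdict)] += 1
    results = {}
    for key, c in counts.items():
        legit = sum(n for (t, _), n in c.items() if t == "legit")
        phish = sum(n for (t, _), n in c.items() if t == "phishing")
        results[key] = {
            # Legit sites positively verified; "unsure" is not counted.
            "legit_verified": c[("legit", "legit")] / legit if legit else None,
            # Assumption: any phishing site not flagged is a false negative.
            "false_negative": (phish - c[("phishing", "phishing")]) / phish
                              if phish else None,
            # Legit sites reported as phishing.
            "false_positive": c[("legit", "phishing")] / legit if legit else None,
        }
    return results

def best_tool(results, category):
    """Assumed ranking: highest legit-verified rate, then lowest FN rate."""
    def key(item):
        tool, m = item
        fn = m["false_negative"] if m["false_negative"] is not None else 1.0
        return (-(m["legit_verified"] or 0.0), fn, tool)
    rows = [(t, m) for (cat, t), m in results.items() if cat == category]
    return min(rows, key=key)[0] if rows else None

if __name__ == "__main__":
    for (cat, tool), m in sorted(score(OBSERVATIONS).items()):
        print(cat, tool, m)
    print("best for Banking:", best_tool(score(OBSERVATIONS), "Banking"))
```

Keeping "unsure" as its own verdict is what separates a tool that verifies legit sites from one that merely never raises an alarm.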
Analysis of Results
  • Education: NetCraft - 16 legit sites, 1 phishing site, only tool that recognized it as a phishing site
  • E-mail: NetCraft - caught 90% of phishing e-mails
  • Entertainment: NetCraft - caught 8 of 9 phishing sites
  • Gaming: NetCraft - caught 96% of phishing sites
  •  Government: McAfee SiteAdvisor - caught 100% of phishing sites and verified all legit
  •  Hotels: NetCraft - caught 66% of phishing
Analysis of Results
  • Social Networking: NetCraft or McAfee SiteAdvisor - out of 92 sites (54 phishing, 38 legit) - still ~ 10 phishing not detected
  •  Messenger: NetCraft or McAfee SiteAdvisor - only 8 sites analyzed, both came back with 1 false negative
  • Other: NetCraft  - 20 sites, 1 false positive
Conclusions
  • After extensive experimentation, 3000 separate tests (500 websites using 6 tools), we found that:
    • Overall NetCraft seems to be the best FREE anti-phishing tool available online
      • http://toolbar.netcraft.com/install
    • Every tool except NetCraft and McAfee SiteAdvisor had 100% false negative rate in at least 4 of the 11 categories, AVG had 100% FN in 7 categories
    • Comodo Verification Engine and SpoofStick could rarely verify any legit sites (marked as unsure)
Future Work
  • We would like to have a more extensive legit/phishing spreadsheet of sites
  • We would like to continue to add the latest phishing sites reported by users on phishtank.com
  • We would like to test the following three tools:
    •  Microsoft Anti-Phishing Filter Add-in
    • SpoofGuard
    •  CallingID Toolbar
References

Websites to download our 6 tools:

  • NetCraft Anti-Phishing Toolbar http://toolbar.netcraft.com/install
  • AVG Free http://free.avg.com/us-en/homepage
  • IE SmartScreen www.microsoft.com/security/filters/smartscreen.aspx
  • Comodo Verification Engine http://www.snapfiles.com/Freeware/misctools/fwbrowson.html
  • SpoofStick http://www.snapfiles.com/Freeware/misctools/fwbrowson.html
  • McAfee SiteAdvisor http://www.snapfiles.com/Freeware/misctools/fwbrowson.html

References Cont...

We have also been using the following academic papers and online articles throughout our project:

"Why Phishing Works" by Rachna Dhamija, Marti Hearst, J. D. Tygar

http://people.seas.harvard.edu/~rachna/papers/why_phishing_works.pdf

"Protecting Users Against Phishing Attacks" by Engin Kirda, Christopher Kruegel

http://www.cs.ucsb.edu/~chris/research/doc/cj06_phish.pdf

"Phishing Filters and Toolbars" by Mary Landesman

http://antivirus.about.com/od/freeantivirussoftware/tp/phishingfilter.htm

"Phishing: A Primer on What Phishing is and How it Works"

http://www.antiphishing.org/sponsors_technical_papers/DigiCert_Phishing_White_Paper.pdf
