
Anti-Phishing Software - PowerPoint PPT Presentation

Presentation Transcript

Anti-Phishing Software

Presented by: Aaron Smalls, Michelle Mature, Devin Biggers

Overview

  • Background

  • Research

  • Motivation

  • Our Project Outline

  • Raw Data + Calculations

  • Analysis of our work

  • Conclusions

  • Future Work

  • Reference

Background

  • What is phishing?

    • Phishing is a form of online information or identity theft whose purpose is to acquire sensitive information such as online banking credentials or credit card information from individuals

    • Entices users to involuntarily and unknowingly provide sensitive information for the attacker's personal gain

Research

Looked at an experiment from the article "Why Phishing Works"

  • 22 participants

  • 7 legit sites, 9 already known phishing, 3 newly phishing

  •  Purpose of experiment explained to everyone

  •  90% of users fooled by well designed phishing

  •  Results:

    • Browser alerts = ineffective

    • Pop ups about fraud = inefficient

    •  25% not familiar with anti-phishing software

    •  age, sex, experience, hours on comp, highest level of education = no advantages

Motivation

  • #1 misjudged phishing site was said to be legit "based on content of the page and detail in design."

  • From Jan 1 to June 30, 2009, there were over 55,000 phishing attacks according to the Anti-Phishing Working Group

  • We realize that we can't rely on users alone to distinguish between phishing and legitimate sites

  • People don't realize how much profit can come from a convincing phishing site

Our Project Outline

  • We decided to test 6 FREE anti-phishing software tools available online

  • Made a spreadsheet of 500 legit/phishing sites

  • Ran each tool on each site to see if it is detected as a phishing site

  • Wrote down results for each tool for each site

  • Anti-Phishing Tools used:

    •  AVG, IE SmartGuard, NetCraft, Comodo Verification Engine, SpoofStick, McAfee SiteAdvisor

  • Compiled results into the following categories for each tool:

    • Banking, E-Commerce, E-mail, Entertainment, Gaming, Government, Hotel, Social Networking, Messenger, Other

Raw Data + Calculations

  • Initial Results Spreadsheet

  •  Example Analysis on SpoofStick taken from banking category

Analysis of Results

  • None of the 6 tools showed any signs of false positives (saying it's a phishing site but it is not)

  • How we decided on best tool for each category:

    • greatest % verifying legit sites (not including unsure)

    • least % of false negatives

  •  Best tool by category:

    • Banking: NetCraft - all legit verified, 8% false negative, 131 sites

    • E-commerce: NetCraft - all legit verified, 2% false negative

Analysis of Results

  • Education: NetCraft - 16 legit sites, 1 phishing site, only tool that recognized it as a phishing site

  • E-mail: NetCraft - caught 90% of phishing e-mails

  • Entertainment: NetCraft - caught 8 of 9 phishing sites

  • Gaming: NetCraft - caught 96% of phishing sites

  •  Government: McAfee SiteAdvisor - caught 100% of phishing sites and verified all legit

  •  Hotels: NetCraft - caught 66% of phishing

Analysis of Results

  • Social Networking: NetCraft or McAfee SiteAdvisor - out of 92 sites (54 phishing, 38 legit) - still ~ 10 phishing not detected

  •  Messenger: NetCraft or McAfee SiteAdvisor - only 8 sites analyzed, both came back with 1 false negative

  • Other: NetCraft  - 20 sites, 1 false positive
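The selection rule above (greatest % of legit sites verified, then least % of false negatives) can be computed directly from a results spreadsheet. The following is an added example, not the presenters' spreadsheet or code: the tool names and rows are constructed, and it assumes an "unsure" verdict neither verifies a legit site nor catches a phishing site.

```python
from collections import defaultdict

# Constructed sample rows, not the presenters' data:
# (tool, category, ground truth, tool verdict); verdict may be "unsure".
ROWS = [
    ("ToolA", "Banking", "legit", "legit"),
    ("ToolA", "Banking", "legit", "legit"),
    ("ToolA", "Banking", "phishing", "phishing"),
    ("ToolA", "Banking", "phishing", "legit"),
    ("ToolB", "Banking", "legit", "unsure"),
    ("ToolB", "Banking", "legit", "legit"),
    ("ToolB", "Banking", "phishing", "unsure"),
    ("ToolB", "Banking", "phishing", "unsure"),
    ("ToolC", "Banking", "legit", "legit"),
    ("ToolC", "Banking", "legit", "legit"),
    ("ToolC", "Banking", "phishing", "phishing"),
    ("ToolC", "Banking", "phishing", "phishing"),
]

def score(rows):
    """Per (category, tool): % legit verified, % false negatives, FP count."""
    counts = defaultdict(lambda: defaultdict(int))
    for tool, cat, truth, verdict in rows:
        k = counts[(cat, tool)]
        k[truth] += 1
        if truth == "legit" and verdict == "legit":
            k["verified"] += 1
        elif truth == "legit" and verdict == "phishing":
            k["fp"] += 1
        elif truth == "phishing" and verdict != "phishing":
            k["fn"] += 1  # assumption: "unsure" on a phishing site is a miss
    out = {}
    for key, k in counts.items():
        # No sites of one kind in a category gives None, not a misleading 0%.
        ver = 100 * k["verified"] / k["legit"] if k["legit"] else None
        fn = 100 * k["fn"] / k["phishing"] if k["phishing"] else None
        out[key] = {"verified_pct": ver, "fn_pct": fn, "false_positives": k["fp"]}
    return out

def best_tool(rows, category):
    """Highest % legit verified; ties broken by lowest % false negatives."""
    s = {t: v for (c, t), v in score(rows).items() if c == category}
    def rank(t):
        fn = s[t]["fn_pct"]
        return (-(s[t]["verified_pct"] or 0), 100 if fn is None else fn)
    return min(s, key=rank)
```

Reporting the site counts next to each percentage matters for the small categories, where a single site moves the rate by many points.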

Conclusions

  • After extensive experimentation, 3000 separate tests (500 websites using 6 tools), we found that:

    • Overall NetCraft seems to be the best FREE anti-phishing tool available online


    • Every tool except NetCraft and McAfee SiteAdvisor had 100% false negative rate in at least 4 of the 11 categories, AVG had 100% FN in 7 categories

    • Comodo Verification Engine and SpoofStick could rarely verify any legit sites (marked as unsure)

Future Work

  • We would like to have a more extensive legit/phishing spreadsheet of sites

  • We would like to continue to add the latest phishing sites reported by users on

  • We would like to test the following three tools:

    •  Microsoft Anti-Phishing Filter Add-in

    • SpoofGuard

    •  CallingID Toolbar

References

Websites to download our 6 tools:

  • NetCraft Anti-Phishing Toolbar

  •  AVG Free

  • IE SmartScreen

  •  Comodo Verification Engine

  • SpoofStick

  •  McAfee SiteAdvisor

References Cont...

We have also been using the following academic papers and online articles throughout our project:

"Why Phishing Works" By: Rachna Dhamija, Marti Hearst, J. D. Tygar

"Protecting Users Against Phishing Attacks" by: Engin Kirda, Christopher Kruegel

“Phishing Filters and Toolbars” By Mary Landesman

“Phishing: A Primer on What Phishing is and How it Works”