Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.authorMarchal, Samuel
dc.contributor.authorArmano, Giovanni
dc.contributor.authorGrondahl, Tommi
dc.contributor.authorSaari, Kalle
dc.contributor.authorSingh, Nidhi
dc.contributor.authorAsokan, N.
dc.contributor.departmentTietotekniikan laitosfi
dc.contributor.departmentDepartment of Computer Scienceen
dc.contributor.labSecure Systemsen
dc.contributor.schoolPerustieteiden korkeakoulufi
dc.contributor.schoolSchool of Scienceen
dc.date.accessioned2017-09-21T09:04:01Z
dc.date.available2017-09-21T09:04:01Z
dc.date.issued2017
dc.description.abstractPhishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings.en
dc.description.abstractPhishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings.fi
dc.description.versionNon Peer revieweden
dc.format.extent15
dc.format.mimetypeapplication/pdfen
dc.identifier.citationMarchal, Samuel & Armano, Giovanni & Grondahl, Tommi & Saari, Kalle & Singh, Nidhi & Asokan, N. 2017. Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application. IEEE Transactions on Computers. Volume 66, Issue 10. 15 pages.en
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/28058
dc.identifier.urnURN:NBN:fi:aalto-201705154736
dc.language.isoenen
dc.publisherIEEEen
dc.relationinfo:eu-repo/grantAgreement/ICRI SC
dc.relation.ispartofseriesIEEE Transactions on Computersen
dc.relation.ispartofseriesVolume 66, Issue 10fi
dc.rights© 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.en
dc.rights.holderIEEE
dc.subject.keywordPhishing webpage detectionen
dc.subject.keywordphishing preventionen
dc.subject.keywordphishing target identificationen
dc.subject.keywordmachine learningen
dc.subject.keywordweb securityen
dc.subject.keywordbrowser add-onen
dc.subject.otherComputer scienceen
dc.titleOff-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Applicationen
dc.typeA1 Alkuperäisartikkeli tieteellisessä aikakauslehdessäfi
dc.type.dcmitypetexten
dc.type.versionPre-printen

Files

Original bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
A1_marchal__samuel_2017.pdf
Size:
3.33 MB
Format:
Adobe Portable Document Format