Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application
dc.contributor | Aalto-yliopisto | fi |
dc.contributor | Aalto University | en |
dc.contributor.author | Marchal, Samuel | |
dc.contributor.author | Armano, Giovanni | |
dc.contributor.author | Grondahl, Tommi | |
dc.contributor.author | Saari, Kalle | |
dc.contributor.author | Singh, Nidhi | |
dc.contributor.author | Asokan, N. | |
dc.contributor.department | Tietotekniikan laitos | fi |
dc.contributor.department | Department of Computer Science | en |
dc.contributor.lab | Secure Systems | en |
dc.contributor.school | Perustieteiden korkeakoulu | fi |
dc.contributor.school | School of Science | en |
dc.date.accessioned | 2017-09-21T09:04:01Z | |
dc.date.available | 2017-09-21T09:04:01Z | |
dc.date.issued | 2017 | |
dc.description.abstract | Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings. | en |
dc.description.abstract | Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings. | fi |
dc.description.version | Non Peer reviewed | en |
dc.format.extent | 15 | |
dc.format.mimetype | application/pdf | en |
dc.identifier.citation | Marchal, Samuel & Armano, Giovanni & Grondahl, Tommi & Saari, Kalle & Singh, Nidhi & Asokan, N. 2017. Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application. IEEE Transactions on Computers. Volume 66, Issue 10. 15 pages. | en |
dc.identifier.uri | https://aaltodoc.aalto.fi/handle/123456789/28058 | |
dc.identifier.urn | URN:NBN:fi:aalto-201705154736 | |
dc.language.iso | en | en |
dc.publisher | IEEE | en |
dc.relation | info:eu-repo/grantAgreement/ICRI SC | |
dc.relation.ispartofseries | IEEE Transactions on Computers | en |
dc.relation.ispartofseries | Volume 66, Issue 10 | fi |
dc.rights | © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. | en |
dc.rights.holder | IEEE | |
dc.subject.keyword | Phishing webpage detection | en |
dc.subject.keyword | phishing prevention | en |
dc.subject.keyword | phishing target identification | en |
dc.subject.keyword | machine learning | en |
dc.subject.keyword | web security | en |
dc.subject.keyword | browser add-on | en |
dc.subject.other | Computer science | en |
dc.title | Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application | en |
dc.type | A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä | fi |
dc.type.dcmitype | text | en |
dc.type.version | Pre-print | en |
Files
Original bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- A1_marchal__samuel_2017.pdf
- Size:
- 3.33 MB
- Format:
- Adobe Portable Document Format