|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
You need to be logged in to carry this out. If you don't have an account, feel free to create one. |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > An Empirical Analysis of Phishing Attack and Defense
An Empirical Analysis of Phishing Attack and DefenseAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Andrew Lewis. A key way in which banks mitigate the effects of phishing attacks is to remove the fraudulent websites and abusive domain names hosting them. We have gathered and analyzed empirical data on phishing website removal times and the number of visitors that the websites attract. We find that website removal is part of the answer to phishing, but it is not fast enough to completely mitigate the problem. Phishing-website lifetimes follow a long-tailed lognormal distribution—while many sites are removed quickly, others remain much longer. We have found evidence that one group responsible for half of all phishing, the rock-phish gang, cooperates by pooling hosting resources and by targeting many banks simultaneously. The gang’s architectural innovations have significantly extended their websites’ average lifetime. Using response data obtained from the servers hosting phishing websites, we also provide a ballpark estimate of the total losses due to phishing. Phishing-website removal is often subcontracted to specialist companies. We analyze three months of `feeds’ of phishing website URLs from multiple sources, including two such companies. We demonstrate that in each case huge numbers of websites may be known to others, but the company with the take-down contract remains unaware, or learns of sites only belatedly. Upon calculating the resultant increase in lifetimes caused by the take-down company’s lack of action, the results categorically demonstrate that significant amounts of money are being put at risk by the failure to share proprietary feeds of URLs. Finally, we have studied how one anti-phishing organization has leveraged the so-called `wisdom of crowds’ by relying on volunteers to submit and verify suspected phishing sites. We show its voting-based decision mechanism to be slower and less comprehensive than unilateral verification performed by companies. We also find that the distribution of user participation is highly skewed, leaving the scheme vulnerable to manipulation. This talk is part of the Computer Laboratory Security Seminar series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsEngineering Safe AI seminar group Well-being Institute Seminars Von Hügel Institute eventsOther talksAnimal Migration TODAY Adrian Seminar: "Starting new actions and learning from it" Satellite Applications Catapult Quickfire Talks Develop a tool for inferring symptoms from prescriptions histories for cancer patients Recent Advances in Solid State Batteries and Beyond Li Technologies - Challenges for Fundamental Science Repetitive Behavior and Restricted Interests: Developmental, Genetic, and Neural Correlates 'The Japanese Mingei Movement and the art of Katazome' Single Cell Seminars (October) To be confirmed The role of the oculomotor system in visual attention and visual short-term memory Black and British Migration The interpretation of black hole solutions in general relativity |
Tuesday 08 April 2008, 16:15-17:15