Detecting Phishing Sites Using URLs Collected from Emails
Phishing is the malicious behavior of stealing personal information from computer users. It is a very popular account-theft-method among cyber criminals. Hence, developing a new approach to solve phishing attacks becomes an important issue. This paper proposes a router-based solution, called Shark, to phishing attacks. The router-based property allows Shark to protect a whole network without the need to install or maintain any software in any internal host. Based on the URLs collected from emails and the properties of the web pages pointed by these URLs, Shark quickly and automatically identifies phishing web pages. Experimental results demonstrate that Shark installed on a Linux edge router can accurately detect and attack phishing sites with low false positives and false negatives. And even though a false positive occurs, erroneous counterattacks do not influence the normal operations of legal web sites.
C. S. Wang et al., "Detecting Phishing Sites Using URLs Collected from Emails", Applied Mechanics and Materials, Vols. 479-480, pp. 916-922, 2014