Detecting DNS-poisoning-based phishing attacks from their network performance characteristics
نویسندگان
چکیده
Most of the existing phishing detection techniques are weak against domain name system (DNS)-poisoning-based phishing attacks. Proposed is a highly effective method for detecting such attacks: the network performance characteristics of websites are used for classification. To demonstrate how useful the approach is, the performance of four classification algorithms are explored: linear discriminant analysis, naı̈ve Bayesian, K-nearest neighbour, and support vector machine. Over 10 000 real-world items of routing information have been observed during a one-week period. The experimental results show that the best-performing classification method – which uses the K-nearest neighbour algorithm – is capable of achieving a true positive rate of 99.4% and a false positive rate of 0.7%.
منابع مشابه
Detecting Fake Websites Using Swarm Intelligence Mechanism in Human Learning
The internet and its various services have made users to easily communicate with each other. Internet benefits including online business and e-commerce. E-commerce has boosted online sales and online auction types. Despite their many uses and benefits, the internet and their services have various challenges, such as information theft, which challenges the use of these services. Information thef...
متن کاملDepenDNS: Dependable Mechanism against DNS Cache Poisoning
DNS cache poisoning attacks have been proposed for a long time. In 2008, Kaminsky enhanced the attacks to be powerful based on nonce query method. By leveraging Kaminsky’s attack, phishing becomes large-scale since victims are hard to detect attacks. Hence, DNS cache poisoning is a serious threat in the current DNS infrastructure. In this paper, we propose a countermeasure, DepenDNS, to prevent...
متن کاملDetecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملA Chaotic Complexity Measure for Cognitive Machine Classification of Cyber-Attacks on Computer Networks
Today’s evolving cyber security threats demand new, modern, and cognitive computing approaches to network security systems. In the early years of the Internet, a simple packet inspection firewall was adequate to stop the then-contemporary attacks, such as Denial of Service (DoS), ports scans, and phishing. Since then, DoS has evolved to include Distributed Denial of Service (DDoS) attacks, espe...
متن کاملDetection of fast - ux botnets through DNS tra c analysis
Botnets are networks built up of a large number of bot computers, which provide the attacker with massive resources, such as bandwidth, storage, and processing power, in turn, allowing the attacker to launch massive attacks, such as Distributed Denial of Service (DDoS) attacks, or undertake spamming or phishing campaigns. One of the main approaches for botnet detection is based on monitoring an...
متن کامل