Fishing for Phishing From the Network Stream
Source: AT&T Labs-Research
Phishing is an increasingly prevalent social-engineering attack that attempts identity theft using spoofed Web pages of legitimate organizations. Unfortunately, current phishing detection methods are neither complete nor responsive because they rely on user reports, and many also require client-side software. Anti-phishing techniques could be more effective if they could detect phishing attacks automatically from the network traffic; could operate without cooperation from end-users. This paper performs a preliminary study to determine the feasibility of detecting phishing attacks in real-time, from the network traffic stream itself. It developed a model to identify the stages where in-network phishing detection is feasible and the data sources that can be analyzed to provide relevant information at each stage.