Method for evaluating the security risk of a website against phishing attacks

Abstract

As Internet technologies evolve, phishing and pharming attacks frequently occur and diversify. In order to protect the economic loss and privacy of Internet users against the phishing attacks, several researches such as website authentication and email authentication have been studied. Although, most of them use website black-list (WBL) or website white-list (WWL), there are several weak points, such as validity of WBL DB (database) and the short life-cycle of phishing websites. That is, it is impossible to discriminate between legitimate and forged websites until the phishing attacks are detected and recorded into WBL DB. Furthermore, the existing WBL and WWL approaches hardly counter the new generation of sophisticated malware pharming attacks. In this paper, in order to overcome the limitation of WBL and WWL approaches, new approach based on the WWL approach, which can quantitatively estimate the security risk of websites that is security risk degree representing the phishing websites, is proposed. © 2008 Springer-Verlag Berlin Heidelberg.