PhiGARo: Automatic Phishing Detection and Incident Response Framework

Authors

HUSÁK Martin ČEGAN Jakub

Year of publication 2014
Type Article in Proceedings
Conference Availability, Reliability and Security (ARES), 2014 Ninth International Conference on
MU Faculty or unit

Institute of Computer Science

Citation
Web http://dx.doi.org/10.1109/ARES.2014.46
Doi http://dx.doi.org/10.1109/ARES.2014.46
Field Informatics
Keywords phishing; PhiGARo; honeypot; CSIRT; IPFIX
Attached files
Description We present a comprehensive framework for automatic phishing incident processing and work in progress concerning automatic phishing detection and reporting. Our work is based upon the automatic phishing incident processing tool PhiGARo which locates users responding to phishing attack attempts and prevents access to phishing sites from the protected network. Although PhiGARo processes the phishing incidents automatically, it depends on reports of phishing incidents from users. We propose a framework which introduces honey pots into the process in order to eliminate the reliance on user input. The honey pots are used to capture e-mails, automatically detect messages containing phishing and immediately transfer them to PhiGARo. There is a need to propagate e-mail addresses of a honey pot to attract phishers. We discuss approaches to the honey pot e-mail propagation and propose a further enhancement to using honey pots in response to phishing incidents. We propose providing phishers with false credentials, accounts and documents that will grant them access to other honey pot services. Tracing these honey tokens may lead us to the originators of the phishing attacks and help investigations into phishing incidents.

You are running an old browser version. We recommend updating your browser to its latest version.

More info