A quantitative approach to estimate a website security risk using whitelist

Young Gab Kim, Minsoo Lee, Sanghyun Cho, Sungdeok Cha

Research output: Contribution to journalArticle

Abstract

Despite much research on defense against phishing attacks, incidents continue to occur where sensitive (e.g., personal or financial) information is stolen using social engineering and technical spoofing techniques. Most approaches use the notions of blacklists versus whitelists (WWLs), and it is difficult to quantify the degree of a website's vulnerability against phishing attacks. In this paper, we present a quantitative approach for evaluating the phishing possibility of a given website using the refined security risk elements for domain and web page. Design and implementation of the website risk assessment system for antiphishing are also included. It can detect suspicious websites containing phishing attack and abnormal behavior and generates a warning if website is judged untrustworthy.

Original languageEnglish
Pages (from-to)1181-1192
Number of pages12
JournalSecurity and Communication Networks
Volume5
Issue number10
DOIs
Publication statusPublished - 2012 Oct

Keywords

  • Pharming
  • Phishing
  • Risk analysis
  • Website blacklist
  • Website security risk
  • Website whitelist

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'A quantitative approach to estimate a website security risk using whitelist'. Together they form a unique fingerprint.

  • Cite this