PhiGARo: Automatic Phishing Detection and Incident Response
Framework

D 2014

PhiGARo: Automatic Phishing Detection and Incident Response Framework

HUSÁK, Martin a Jakub ČEGAN

Základní údaje

Originální název

PhiGARo: Automatic Phishing Detection and Incident Response Framework

Autoři

HUSÁK, Martin a Jakub ČEGAN

Vydání

Fribourg, Switzerland, Availability, Reliability and Security (ARES), 2014 Ninth International Conference on, od s. 295-302, 8 s. 2014

Nakladatel

IEEE

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

paměťový nosič (CD, DVD, flash disk)

Odkazy

URL

Označené pro přenos do RIV

Ano

Kód RIV

RIV/00216224:14610/14:00076370

Organizační jednotka

Ústav výpočetní techniky

ISBN

978-1-4799-4223-7

Klíčová slova česky

phishing; PhiGARo; honeypot; CSIRT; IPFIX

Klíčová slova anglicky

phishing; PhiGARo; honeypot; CSIRT; IPFIX

Štítky

rivok

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 17. 2. 2016 10:02, RNDr. Martin Husák, Ph.D.

Anotace

V originále

We present a comprehensive framework for automatic phishing incident processing and work in progress concerning automatic phishing detection and reporting. Our work is based upon the automatic phishing incident processing tool PhiGARo which locates users responding to phishing attack attempts and prevents access to phishing sites from the protected network. Although PhiGARo processes the phishing incidents automatically, it depends on reports of phishing incidents from users. We propose a framework which introduces honey pots into the process in order to eliminate the reliance on user input. The honey pots are used to capture e-mails, automatically detect messages containing phishing and immediately transfer them to PhiGARo. There is a need to propagate e-mail addresses of a honey pot to attract phishers. We discuss approaches to the honey pot e-mail propagation and propose a further enhancement to using honey pots in response to phishing incidents. We propose providing phishers with false credentials, accounts and documents that will grant them access to other honey pot services. Tracing these honey tokens may lead us to the originators of the phishing attacks and help investigations into phishing incidents.

Přiložené soubory

phigaro_paper.pdf Verze souboru

phigaro-slides.pdf Verze souboru

Citovat

HUSÁK, Martin a Jakub ČEGAN. PhiGARo: Automatic Phishing Detection and Incident Response Framework. In Availability, Reliability and Security (ARES), 2014 Ninth International Conference on. Fribourg, Switzerland: IEEE, 2014, s. 295-302. ISBN 978-1-4799-4223-7. Dostupné z: https://doi.org/10.1109/ARES.2014.46.

@inproceedings{1197056,
   author = {Husák, Martin and Čegan, Jakub},
   address = {Fribourg, Switzerland},
   booktitle = {Availability, Reliability and Security (ARES), 2014 Ninth International Conference on},
   doi = {https://doi.org/10.1109/ARES.2014.46},
   keywords = {phishing; PhiGARo; honeypot; CSIRT; IPFIX},
   howpublished = {paměťový nosič},
   language = {eng},
   location = {Fribourg, Switzerland},
   isbn = {978-1-4799-4223-7},
   pages = {295-302},
   publisher = {IEEE},
   title = {PhiGARo: Automatic Phishing Detection and Incident Response Framework},
   url = {http://dx.doi.org/10.1109/ARES.2014.46},
   year = {2014}
}

TY  - CONF
ID  - 1197056
AU  - Husák, Martin - Čegan, Jakub
PY  - 2014
TI  - PhiGARo: Automatic Phishing Detection and Incident Response Framework
PB  - IEEE
CY  - Fribourg, Switzerland
SN  - 9781479942237
KW  - phishing
KW  - PhiGARo
KW  - honeypot
KW  - CSIRT
KW  - IPFIX
UR  - http://dx.doi.org/10.1109/ARES.2014.46
L2  - http://dx.doi.org/10.1109/ARES.2014.46
N2  - We present a comprehensive framework for automatic phishing incident processing and work in progress concerning automatic phishing detection and reporting. Our work is based upon the automatic phishing incident processing tool PhiGARo which locates users responding to phishing attack attempts and prevents access to phishing sites from the protected network. Although PhiGARo processes the phishing incidents automatically, it depends on reports of phishing incidents from users. We propose a framework which introduces honey pots into the process in order to eliminate the reliance on user input. The honey pots are used to capture e-mails, automatically detect messages containing phishing and immediately transfer them to PhiGARo. There is a need to propagate e-mail addresses of a honey pot to attract phishers. We discuss approaches to the honey pot e-mail propagation and propose a further enhancement to using honey pots in response to phishing incidents. We propose providing phishers with false credentials, accounts and documents that will grant them access to other honey pot services. Tracing these honey tokens may lead us to the originators of the phishing attacks and help investigations into phishing incidents.
ER  -

HUSÁK, Martin a Jakub ČEGAN. PhiGARo: Automatic Phishing Detection and Incident Response Framework. In \textit{Availability, Reliability and Security (ARES), 2014 Ninth International Conference on}. Fribourg, Switzerland: IEEE, 2014, s.~295-302. ISBN~978-1-4799-4223-7. Dostupné z: https://doi.org/10.1109/ARES.2014.46.

Přehled o publikaci