A quantitative approach to estimate a website security risk using whitelist

Young Gab Kim; Minsoo Lee; Sanghyun Cho; Sungdeok Cha

doi:10.1002/sec.420

A quantitative approach to estimate a website security risk using whitelist

Young Gab Kim, Minsoo Lee, Sanghyun Cho, Sungdeok Cha

Department of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

Despite much research on defense against phishing attacks, incidents continue to occur where sensitive (e.g., personal or financial) information is stolen using social engineering and technical spoofing techniques. Most approaches use the notions of blacklists versus whitelists (WWLs), and it is difficult to quantify the degree of a website's vulnerability against phishing attacks. In this paper, we present a quantitative approach for evaluating the phishing possibility of a given website using the refined security risk elements for domain and web page. Design and implementation of the website risk assessment system for antiphishing are also included. It can detect suspicious websites containing phishing attack and abnormal behavior and generates a warning if website is judged untrustworthy.

Original language	English
Pages (from-to)	1181-1192
Number of pages	12
Journal	Security and Communication Networks
Volume	5
Issue number	10
DOIs	https://doi.org/10.1002/sec.420
Publication status	Published - 2012 Oct

Keywords

Pharming
Phishing
Risk analysis
Website blacklist
Website security risk
Website whitelist

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications

Access to Document

10.1002/sec.420

Cite this

@article{819f97f5b6a44b43b1e0d1080335c59a,

title = "A quantitative approach to estimate a website security risk using whitelist",

abstract = "Despite much research on defense against phishing attacks, incidents continue to occur where sensitive (e.g., personal or financial) information is stolen using social engineering and technical spoofing techniques. Most approaches use the notions of blacklists versus whitelists (WWLs), and it is difficult to quantify the degree of a website's vulnerability against phishing attacks. In this paper, we present a quantitative approach for evaluating the phishing possibility of a given website using the refined security risk elements for domain and web page. Design and implementation of the website risk assessment system for antiphishing are also included. It can detect suspicious websites containing phishing attack and abnormal behavior and generates a warning if website is judged untrustworthy.",

keywords = "Pharming, Phishing, Risk analysis, Website blacklist, Website security risk, Website whitelist",

author = "Kim, {Young Gab} and Minsoo Lee and Sanghyun Cho and Sungdeok Cha",

year = "2012",

month = oct,

doi = "10.1002/sec.420",

language = "English",

volume = "5",

pages = "1181--1192",

journal = "Security and Communication Networks",

issn = "1939-0114",

publisher = "John Wiley and Sons Inc.",

number = "10",

}

TY - JOUR

T1 - A quantitative approach to estimate a website security risk using whitelist

AU - Kim, Young Gab

AU - Lee, Minsoo

AU - Cho, Sanghyun

AU - Cha, Sungdeok

PY - 2012/10

Y1 - 2012/10

N2 - Despite much research on defense against phishing attacks, incidents continue to occur where sensitive (e.g., personal or financial) information is stolen using social engineering and technical spoofing techniques. Most approaches use the notions of blacklists versus whitelists (WWLs), and it is difficult to quantify the degree of a website's vulnerability against phishing attacks. In this paper, we present a quantitative approach for evaluating the phishing possibility of a given website using the refined security risk elements for domain and web page. Design and implementation of the website risk assessment system for antiphishing are also included. It can detect suspicious websites containing phishing attack and abnormal behavior and generates a warning if website is judged untrustworthy.

AB - Despite much research on defense against phishing attacks, incidents continue to occur where sensitive (e.g., personal or financial) information is stolen using social engineering and technical spoofing techniques. Most approaches use the notions of blacklists versus whitelists (WWLs), and it is difficult to quantify the degree of a website's vulnerability against phishing attacks. In this paper, we present a quantitative approach for evaluating the phishing possibility of a given website using the refined security risk elements for domain and web page. Design and implementation of the website risk assessment system for antiphishing are also included. It can detect suspicious websites containing phishing attack and abnormal behavior and generates a warning if website is judged untrustworthy.

KW - Pharming

KW - Phishing

KW - Risk analysis

KW - Website blacklist

KW - Website security risk

KW - Website whitelist

UR - http://www.scopus.com/inward/record.url?scp=84867609101&partnerID=8YFLogxK

U2 - 10.1002/sec.420

DO - 10.1002/sec.420

M3 - Article

AN - SCOPUS:84867609101

SN - 1939-0114

VL - 5

SP - 1181

EP - 1192

JO - Security and Communication Networks

JF - Security and Communication Networks

IS - 10

ER -

A quantitative approach to estimate a website security risk using whitelist

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this