Anti-Phishing Software
Docsity.com
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Analysis of Six Free Anti-Phishing Software Tools: Detection Rates and Best Performers, Slides of Software Engineering
An overview of phishing, its prevalence, and the motivation behind testing six free anti-phishing software tools. The research includes an experiment from 'why phishing works', testing 500 legit/phishing sites using avg, ie smartguard, netcraft, comodo verification engine, spoofstick, and mcafee siteadvisor. The analysis reveals the best tool for each category based on the greatest percentage of legit sites verified and the least percentage of false negatives.
Typology: Slides
2012/2013
1 / 11
This page cannot be seen from the preview
Don't miss anything!
Partial preview of the text
Download Analysis of Six Free Anti-Phishing Software Tools: Detection Rates and Best Performers and more Slides Software Engineering in PDF only on Docsity!
Anti-Phishing Software
Overview
- Background
- Research
- Motivation
- Our Project Outline
- Raw Data + Calculations
- Analysis of our work
- Conclusions
- Future Work
- Reference
Research
Looked at an experiment from the article "Why Phishing Works"
- 22 participants
- 7 legit sites, 9 already known phishing, 3 newly phishing
- Purpose of experiment explained to everyone
- 90% of users fooled by well designed phishing
- Results: o Browser alerts = ineffective o Pop ups about fraud = inefficient o 25% not familiar with anti-phishing software o age, sex, experience, hours on comp, highest level of education = no advantages
Motivation
- #1 misjudged phishing site was said to be legit "based on content of the page and detail in design."
- From Jan 1- June 30 2009 there were over 55,000 phishing attacks according to the Anti-Phishing Working Group
- We realize that we can't rely on users alone to distinguish between phishing and legitimate sites
- People don't realize how much profit can come from a convincing phishing site
Raw Data + Calculations
- Initial Results Spreadsheet
- Example Analysis on SpoofStick taken from banking category o
Analysis of Results
- None of the 6 tools showed any signs of false positives (saying it's a phishing site but it is not)
- How we decided on best tool for each category: o greatest % verifying legit sites (not including unsure) o least % of false negatives
- Best tool by category: o Banking: NetCraft - all legit verified, 8% false negative, 131 sites o E-commerce: NetCraft - all legit verified, 2% false negative
Analysis of Results
- Social Networking: NetCraft or McAfee
SiteAdvisor - out of 92 sites (54 phishing, 38 legit)
- still ~ 10 phishing not detected
- Messenger: NetCraft or McAfee SiteAdvisor - only
8 sites analyzed, both came back with 1 false
negative
- Other: NetCraft - 20 sites, 1 false positive
Future Work
- We would like to have a more extensive legit/phishing spreadsheet of sites
- We would like to continue to add the latest phishing sites reported by users on phishtank.com
- We would like to test the following three tools: o Microsoft Anti-Phishing Filter Add-in o SpoofGuard o CallingID Toolbar