A quantitative approach to estimate a website security risk using whitelist

Young-Gab Kim, Minsoo Lee, Sanghyun Cho, Sungdeok Cha
2012 Security and Communication Networks  
Despite much research on defense against phishing attacks, incidents continue to occur where sensitive (e.g., personal or financial) information is stolen using social engineering and technical spoofing techniques. Most approaches use the notions of blacklists versus whitelists (WWLs), and it is difficult to quantify the degree of a website's vulnerability against phishing attacks. In this paper, we present a quantitative approach for evaluating the phishing possibility of a given website using
more » ... the refined security risk elements for domain and web page. Design and implementation of the website risk assessment system for antiphishing are also included. It can detect suspicious websites containing phishing attack and abnormal behavior and generates a warning if website is judged untrustworthy.
doi:10.1002/sec.420 fatcat:p45rh5itszbdlhwgro3oftoh5a