Using automated individual white-list to protect web digital identities
Abstract
The theft attacks of web digital identities, e.g., phishing, and pharming, could result in severe loss to users and vendors, and even hold users back from using online services, e-business services, especially. In this paper, we propose an approach, referred to as automated individual white-list (AIWL), to protect user’s web digital identities. AIWL leverages a Naïve Bayesian classifier to automatically maintain an individual white-list of a user. If the user tries to submit his or her account information to a web site that does not match the white-list, AIWL will alert the user of the possible attack. Furthermore, AIWL keeps track of the features of login pages (e.g., IP addresses, document object model (DOM) paths of input widgets) in the individual white-list. By checking the legitimacy of these features, AIWL can efficiently defend users against hard attacks, especially pharming, and even dynamic pharming. Our experimental results and user studies show that AIWL is an efficient tool for protecting web digital identities.
Keywords
Individual white-list; Web digital identity; Identity theft; Naïve Bayesian classifier; Anti-phishing; Anti-pharming
Date of this Version
11-2012
DOI
10.1016/j.eswa.2012.02.020
Comments
Elsevier
Expert Systems with Applications
Volume 39, Issue 15, 1 November 2012, Pages 11861–11869