Han, Weili and Cao, Ye and Bertino, Elisa and Yong, Jianming (2012) Using automated individual white-list to protect web digital identities. Expert Systems with Applications, 39 (15). pp. 11861-11869. ISSN 0957-4174
|HTML Citation||EndNote||Dublin Core||Reference Manager|
Full text not available from this archive.
Identification Number or DOI: doi: 10.1016/j.eswa.2012.02.020
The theft attacks of web digital identities, e.g., phishing, and pharming, could result in severe loss to users and vendors, and even hold users back from using online services, e-business services, especially. In this paper, we propose an approach, referred to as automated individual white-list (AIWL), to protect user's web digital identities. AIWL leverages a Naïve Bayesian classifier to automatically maintain an individual white-list of a user. If the user tries to submit his or her account information to a web site that does not match the white-list, AIWL will alert the user of the possible attack. Furthermore, AIWL keeps track of the features of login pages (e.g., IP addresses, document object model (DOM) paths of input widgets) in the individual white-list. By checking the legitimacy of these features, AIWL can efficiently defend users against hard attacks, especially pharming, and even dynamic pharming. Our experimental results and user studies show that AIWL is an efficient tool for protecting web digital identities.
|Item Type:||Article (Commonwealth Reporting Category C)|
|Additional Information:||Permanent restricted access to published version of article due to copyright policy of publisher (Elsevier).|
|Uncontrolled Keywords:||anti-pharming; anti-phishing; identity theft; individual white-list; naïve Bayesian classifier; web digital identity|
|Fields of Research (FOR2008):||08 Information and Computing Sciences > 0804 Data Format > 080402 Data Encryption|
08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
08 Information and Computing Sciences > 0805 Distributed Computing > 080505 Web Technologies (excl. Web Search)
|Socio-Economic Objective (SEO2008):||E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences|
|Deposited On:||03 Aug 2012 22:35|
|Last Modified:||14 Feb 2013 11:24|
Archive Staff Only: edit this record