Using automated individual white-list to protect web digital identities

Han, Weili and Cao, Ye and Bertino, Elisa and Yong, Jianming (2012) Using automated individual white-list to protect web digital identities. Expert Systems with Applications, 39 (15). pp. 11861-11869. ISSN 0957-4174

Abstract

Theft attacks on web digital identities, e.g., phishing and pharming, could result in severe loss to users and vendors, and even hold users back from using online services, especially e-business services. In this paper, we propose an approach, referred to as automated individual white-list (AIWL), to protect users' web digital identities. AIWL leverages a Naïve Bayesian classifier to automatically maintain an individual white-list for a user. If the user tries to submit his or her account information to a web site that does not match the white-list, AIWL will alert the user to the possible attack. Furthermore, AIWL keeps track of the features of login pages (e.g., IP addresses, document object model (DOM) paths of input widgets) in the individual white-list. By checking the legitimacy of these features, AIWL can efficiently defend users against hard attacks, especially pharming, and even dynamic pharming. Our experimental results and user studies show that AIWL is an efficient tool for protecting web digital identities.


Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: Permanent restricted access to published version of article due to copyright policy of publisher (Elsevier).
Depositing User: epEditor USQ
Faculty / Department / School: Historic - Faculty of Business and Law - School of Information Systems
Date Deposited: 03 Aug 2012 12:35
Last Modified: 21 Jul 2014 05:03
Uncontrolled Keywords: anti-pharming; anti-phishing; identity theft; individual white-list; naïve Bayesian classifier; web digital identity
Fields of Research (FOR2008): 08 Information and Computing Sciences > 0804 Data Format > 080402 Data Encryption
08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
08 Information and Computing Sciences > 0805 Distributed Computing > 080505 Web Technologies (excl. Web Search)
Socio-Economic Objective (SEO2008): E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences
Identification Number or DOI: doi: 10.1016/j.eswa.2012.02.020
URI: http://eprints.usq.edu.au/id/eprint/21539
