In this paper, we study the eectiveness of phishing black-
lists. We used 191 fresh phish that were less than 30 minutes
old to conduct two tests on eight anti-phishing toolbars. We
found that 63% of the phishing campaigns in our dataset
lasted less than two hours. Blacklists were ineective when
protecting users initially, as most of them caught less than
20% of phish at hour zero. We also found that blacklists
were updated at dierent speeds, and varied in coverage, as
47% - 83% of phish appeared on blacklists 12 hours from the
initial test. We found that two tools using heuristics to com-
plement blacklists caught signicantly more phish initially
than those using only blacklists. However, it took a long
time for phish detected by heuristics to appear on blacklists.
Finally, we tested the toolbars on a set of 13,458 legitimate
URLs for false positives, and did not nd any instance of
mislabeling for either blacklists or heuristics. We present
these ndings and discuss ways in which anti-phishing tools
can be improved.
In this paper, we study the e ectiveness of phishing black-lists. We used 191 fresh phish that were less than 30 minutesold to conduct two tests on eight anti-phishing toolbars. Wefound that 63% of the phishing campaigns in our datasetlasted less than two hours. Blacklists were ine ective whenprotecting users initially, as most of them caught less than20% of phish at hour zero. We also found that blacklistswere updated at di erent speeds, and varied in coverage, as47% - 83% of phish appeared on blacklists 12 hours from theinitial test. We found that two tools using heuristics to com-plement blacklists caught signi cantly more phish initiallythan those using only blacklists. However, it took a longtime for phish detected by heuristics to appear on blacklists.Finally, we tested the toolbars on a set of 13,458 legitimateURLs for false positives, and did not nd any instance ofmislabeling for either blacklists or heuristics. We presentthese ndings and discuss ways in which anti-phishing toolscan be improved.
การแปล กรุณารอสักครู่..