Defeating pharming attacks at the client-side

Sophie Gastellier-Prevost; Maryline Laurent

doi:10.1109/ICNSS.2011.6059957

Defeating pharming attacks at the client-side

Sophie Gastellier-Prevost, Maryline Laurent

CNRS SAMOVAR UMR 5157

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

With the deployment of always-connected broadband Internet access, personal networks are a privileged target for attackers and DNS-based corruption. Pharming attacks - an enhanced version of phishing attacks - aim to steal users' credentials by redirecting them to a fraudulent login website, using DNS-based techniques that make the attack imperceptible to the end-user. In this paper, we define an advanced approach to alert the end-user in case of pharming attacks at the client-side. With a success rate over 95%, we validate a solution that can help differentiating legitimate from fraudulent login websites, based on a dual-step analysis (IP address check and webpage content comparison) performed using multiple DNS servers information.

Original language	English
Title of host publication	Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011
Pages	33-40
Number of pages	8
DOIs	https://doi.org/10.1109/ICNSS.2011.6059957
Publication status	Published - 17 Nov 2011
Externally published	Yes
Event	2011 5th International Conference on Network and System Security, NSS 2011 - Milan, Italy Duration: 6 Sept 2011 → 8 Sept 2011

Publication series

Name	Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011

Conference

Conference	2011 5th International Conference on Network and System Security, NSS 2011
Country/Territory	Italy
City	Milan
Period	6/09/11 → 8/09/11

Access to Document

10.1109/ICNSS.2011.6059957

Cite this

@inproceedings{5e56d99f362c435aa8ef5dd35d0e2aa6,

title = "Defeating pharming attacks at the client-side",

abstract = "With the deployment of always-connected broadband Internet access, personal networks are a privileged target for attackers and DNS-based corruption. Pharming attacks - an enhanced version of phishing attacks - aim to steal users' credentials by redirecting them to a fraudulent login website, using DNS-based techniques that make the attack imperceptible to the end-user. In this paper, we define an advanced approach to alert the end-user in case of pharming attacks at the client-side. With a success rate over 95\%, we validate a solution that can help differentiating legitimate from fraudulent login websites, based on a dual-step analysis (IP address check and webpage content comparison) performed using multiple DNS servers information.",

author = "Sophie Gastellier-Prevost and Maryline Laurent",

year = "2011",

month = nov,

day = "17",

doi = "10.1109/ICNSS.2011.6059957",

language = "English",

isbn = "9781457704598",

series = "Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011",

pages = "33--40",

booktitle = "Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011",

note = "2011 5th International Conference on Network and System Security, NSS 2011 ; Conference date: 06-09-2011 Through 08-09-2011",

}

Gastellier-Prevost, S & Laurent, M 2011, Defeating pharming attacks at the client-side. in Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011., 6059957, Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011, pp. 33-40, 2011 5th International Conference on Network and System Security, NSS 2011, Milan, Italy, 6/09/11. https://doi.org/10.1109/ICNSS.2011.6059957

Defeating pharming attacks at the client-side. / Gastellier-Prevost, Sophie; Laurent, Maryline.
Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011. 2011. p. 33-40 6059957 (Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Defeating pharming attacks at the client-side

AU - Gastellier-Prevost, Sophie

AU - Laurent, Maryline

PY - 2011/11/17

Y1 - 2011/11/17

N2 - With the deployment of always-connected broadband Internet access, personal networks are a privileged target for attackers and DNS-based corruption. Pharming attacks - an enhanced version of phishing attacks - aim to steal users' credentials by redirecting them to a fraudulent login website, using DNS-based techniques that make the attack imperceptible to the end-user. In this paper, we define an advanced approach to alert the end-user in case of pharming attacks at the client-side. With a success rate over 95%, we validate a solution that can help differentiating legitimate from fraudulent login websites, based on a dual-step analysis (IP address check and webpage content comparison) performed using multiple DNS servers information.

AB - With the deployment of always-connected broadband Internet access, personal networks are a privileged target for attackers and DNS-based corruption. Pharming attacks - an enhanced version of phishing attacks - aim to steal users' credentials by redirecting them to a fraudulent login website, using DNS-based techniques that make the attack imperceptible to the end-user. In this paper, we define an advanced approach to alert the end-user in case of pharming attacks at the client-side. With a success rate over 95%, we validate a solution that can help differentiating legitimate from fraudulent login websites, based on a dual-step analysis (IP address check and webpage content comparison) performed using multiple DNS servers information.

U2 - 10.1109/ICNSS.2011.6059957

DO - 10.1109/ICNSS.2011.6059957

M3 - Conference contribution

AN - SCOPUS:81055137281

SN - 9781457704598

T3 - Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011

SP - 33

EP - 40

BT - Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011

T2 - 2011 5th International Conference on Network and System Security, NSS 2011

Y2 - 6 September 2011 through 8 September 2011

ER -

Defeating pharming attacks at the client-side

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this