Upload File

phi.sh/$ocial: the phishing landscape through short urls

  • Home
  • Documents
  • Phi.sh/$oCiaL: The Phishing Landscape through Short URLs
25
Phi.sh/$oCiaL: The Phishing Landscape through Short URLs Sidharth Chhabra * , Anupama Aggarwal , Fabricio Benevenuto , Ponnurangam Kumaraguru * Delhi College of Engineering, IIIT-Delhi, Federal University of Ouro Preto

Upload: robert

Post on 13-Jan-2016

44 views

Category:

Documents


1 download

Report

Tags:

DESCRIPTION

Phi.sh/$oCiaL: The Phishing Landscape through Short URLs. Sidharth Chhabra * , Anupama Aggarwal † , Fabricio Benevenuto ‡ , Ponnurangam Kumaraguru †. * Delhi College of Engineering, † IIIT-Delhi, † Federal University of Ouro Preto. Motivation. Phishing via Short URLs. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

Phi.sh/$oCiaL: The Phishing Landscape

through Short URLsSidharth Chhabra*, Anupama Aggarwal†, Fabricio Benevenuto‡, Ponnurangam Kumaraguru†

*Delhi College of Engineering, †IIIT-Delhi, †Federal University of Ouro Preto

Page 2: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

2

Motivation

Page 3: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

3

Page 4: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

4

Page 5: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

5

Phishing via Short URLs

Page 6: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

6

•Most popular - June 2010 - January 2011 *

•Most abused URL shortener

•23.48% of short URL services

http://techblog.avira.com/en/

http://techblog.avira.com/en/
Page 7: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

7

Research Aim

Page 8: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

8

•Analysis of Phishing Tweets containing Bitly

• How is Bitly used by Phishers?

• Who is Targeted ?

• Which Locations are Affected ?

Page 9: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

9

System Architecture

Page 10: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

10

Referral Analysis

URL

Time

Is a Phish

Is Up

Phishing

URLs

Short

URLsLong URL

Short URL

Created by

Lookup API

Brand Analysis

Temporal Analysis

Geographical Analysis

Behavioral

Analysis

Text Analysis

Network Analysis

Data Collection Filtering

Analysis

Page 11: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

11

Vote if Phishing

Yes No Unknown

Online

Yes 11,081 392 1,234

No1,02,17

55,991 68,731

Unknown 4,863 523 795

1 January - 31 December, 2010

Dataset

Page 12: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

12

Dataset

• 990 public Twitter users who posted phish tweets

• 864 user accounts present at the time of analysis

• 2000 past tweets for each of 516 users

Page 13: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

13

Results

Page 14: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

14

Space gain is fraction of space saved by using bit.lyFor 50% URLs, Space Gain < 37%

Page 15: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

15

Social Network Websites targeted

Page 16: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

16

516Twitterusers

213 inorganic

303 organic

153 compromised

150 legitimate

Phish activity is majorly automated

Page 17: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

17

Sparse Network, High Reciprocity

Page 18: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

18

Country was determined by using the Bit.ly statistics

Brazil is most targeted followed by US and Canada

Page 19: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

19

Limitations

Page 20: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

20

•Reliance on PhishTank

•90% URLs offline when voted

•Small number of active voters

Page 21: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

21

Conclusion

Page 22: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

22

•URLs shorteners used to hide identity

•Change in landscape of phishing - OSNs target

•Phishing activity is automated

•Lack of phishing communities

•Brazil had highest phish URL clickthrough

Page 23: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

23

Future Work

Page 24: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

24

•Analyze the use of URL shorteners like goo.gl, tinyurl etc.

•Develop an algorithm to detect phishing on Twitter

Page 25: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

25

Thank You !http://precog.iiitd.edu.in

http://precog.iiitd.edu.in/

Information Retrieval - Stanford University · Basic crawler operation §Begin with known seed URLs §Fetch and parse them §Extract URLs they point to §Place the extracted URLs

S OCIAL S TRUCTURE AND S OCIAL I NTERACTION. S OCIAL S TRUCTURE To understand human behavior, you need to understand social structure, the framework of

Mini lesson on URLs

7 S ocial Science

Capture All the URLs

ID DD URLS

MCCC presentation with urls

Update seo urls

{all urls are clickable}

Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

S ocial Neuroscience

OCIAL PROBLEMS THEORY DIVISION - SSSP

The UX of URLs

Phi.sh/$oCiaL: The Phishing Landscape through Short URLs Sidharth Chhabra *, Anupama Aggarwal †, Fabricio Benevenuto ‡, Ponnurangam Kumaraguru † * Delhi

Cognos Direct URL Usage Business Intelligence. Using URLs Cognos 8 can be utilized directly with parameterized URLs. These URLs can send users directly

Upgraded URLs

$ocial media marketing PPT

Traffic Blazer URLs

CORPORATES OCIAL PERFORMANCER EVISITED

Ontologies, URLs and Registers

Files Paths Folders URLs

Karnataka Colleges Urls

urls descarga

S ocial M edia

Phi.sh/ oCiaL: The Phishing Landscape through Short URLsprecog.iiitd.edu.in/Publications_files/SC_AA_FB_PK_CEAS2011.pdf · • Online social media brands account for more than 70%

CORPORATE TRUSTEESHIPS OCIAL

Learning to read urls

URLs for Pictures

DotNetNuke Friendly Urls

From Drives to URLs

Z39.50 URLs

History of $ocial Medias Part 1

$ocial $eriou$

URLs for Pictures ht.jpg

History of $ocial Medias Part III