HumanBoost: Utilization of Users’ Past Trust Decision for Identifying Fraudulent Websites

PP. 190-199
DOI: 10.4236/jilsa.2010.24022

ABSTRACT

This paper presents HumanBoost, an approach that aims to improve the accuracy of detecting phishing sites by utilizing users’ past trust decisions (PTDs). Web users are generally required to make a trust decision whenever a website requests their personal information. We assume that a database of user PTDs can be transformed into a binary vector, representing phishing or not-phishing, and that this binary vector can be used for detecting phishing sites in the same way as the existing heuristics. For our pilot study, in November 2007, we invited 10 participants and performed a subject experiment. The participants browsed 14 simulated phishing sites and six legitimate sites, and judged whether or not each site appeared to be a phishing site. We utilize the participants’ trust decisions as a new heuristic and let AdaBoost incorporate it with eight existing heuristics. The results show that the average error rate for HumanBoost was 13.4%, whereas for participants it was 19.0% and for AdaBoost 20.0%. We also conducted two follow-up studies in March 2010 and July 2010, and observed that the average error rate for HumanBoost was below the others. We therefore conclude that PTDs can be used as a new heuristic, and that HumanBoost has the potential to improve detection accuracy for Web users.
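The combination step described in the abstract, as an added sketch that is not the authors' code: discrete AdaBoost treats each heuristic's binary output and the PTD vector as weak hypotheses and learns a weighted vote. The site labels, the two stand-in heuristics (`heuristic_a`, `heuristic_b`) and the PTD vector are constructed toy data, so the error rates returned here do not reproduce the paper's figures.

```python
import math
from fractions import Fraction

# Constructed toy data (not from the paper): 10 sites, +1 = phishing, -1 = legitimate.
LABELS = [1, 1, 1, 1, 1, 1, 1, -1, -1, -1]
# Hypothetical stand-ins for the existing heuristics (the paper uses eight).
HEURISTICS = {
    "heuristic_a": [-1, -1, 1, 1, 1, 1, 1, -1, -1, -1],
    "heuristic_b": [1, 1, -1, 1, 1, 1, 1, 1, -1, -1],
}
# One user's past trust decisions on the same sites, as a binary vector (constructed).
PTD = {"ptd": [1, 1, 1, 1, -1, 1, 1, -1, 1, -1]}

def adaboost(columns, labels, rounds=5):
    """Discrete AdaBoost over fixed binary columns; returns {name: summed alpha}."""
    weights = [Fraction(1, len(labels))] * len(labels)
    alphas = {}
    for _ in range(rounds):
        # Weighted error of every column under the current site distribution.
        errs = {name: sum(w for w, h, y in zip(weights, col, labels) if h != y)
                for name, col in columns.items()}
        name = min(errs, key=errs.get)  # ties go to the earlier column
        err = errs[name]
        if err == 0:                    # a perfect column decides alone
            return {name: 1.0}
        if err >= Fraction(1, 2):       # nothing better than chance is left
            break
        alphas[name] = alphas.get(name, 0.0) + 0.5 * math.log(float((1 - err) / err))
        # Normalised form of w * exp(-alpha * y * h): misclassified sites
        # become w / (2 * err), correctly classified ones w / (2 * (1 - err)).
        weights = [w / (2 * err) if h != y else w / (2 * (1 - err))
                   for w, h, y in zip(weights, columns[name], labels)]
    return alphas

def error_rate(alphas, columns, labels):
    """Fraction of sites misclassified by the weighted vote sign(sum alpha * h)."""
    wrong = 0
    for i, y in enumerate(labels):
        score = sum(a * columns[name][i] for name, a in alphas.items())
        wrong += (1 if score >= 0 else -1) != y
    return wrong / len(labels)

def compare():
    """Error of AdaBoost on heuristics only, of the PTD alone, and of both combined."""
    both = {**HEURISTICS, **PTD}
    return (error_rate(adaboost(HEURISTICS, LABELS), HEURISTICS, LABELS),
            error_rate({"ptd": 1.0}, PTD, LABELS),
            error_rate(adaboost(both, LABELS), both, LABELS))
```

On this data the heuristics and the user err on different sites, which is the situation in which adding the PTD column lets the weighted vote outperform both inputs.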

Conflicts of Interest

The authors declare no conflicts of interest.

Cite this paper

D. Miyamoto, H. Hazeyama and Y. Kadobayashi, "HumanBoost: Utilization of Users’ Past Trust Decision for Identifying Fraudulent Websites," Journal of Intelligent Learning Systems and Applications, Vol. 2 No. 4, 2010, pp. 190-199. doi: 10.4236/jilsa.2010.24022.

Copyright © 2018 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.