Review of "Smartening the crowds: computational techniques for improving human verification to fight phishing scams, by Liu G., Xiang G., Pendleton B., Hong J., Liu W.". - In: Proceedings of the 7th Symposium on Usable Privacy and Security, Pittsburgh, PA, July 20-22, 2011

Research output: Contribution to journal › Book/Film/Article review › Academic

Abstract

A good phishing site should resemble the target site as much as possible, and it should hide the differences with the target site, at least to the unsuspecting user. This paper leverages this observation to cluster similar suspected phishing sites. Then, instead of crowd-sourcing the verification of a single suspected phishing site, a whole cluster can be verified at once. This is reported to improve both the timeliness and the accuracy of the results on the basis of an experiment with 239 participants. Unfortunately, the control group and the experimental group had a large overlap (174 participants). The authors argue that this does not invalidate the results because of minimal learning effects, but they have no evidence for this. I believe that the main contribution of the paper is putting forward the idea of clustering similar suspected phishing sites. The paper shows that such clusters abound and that standard techniques (for example, shingling) are effective in discovering those clusters. This suggests important further research not identified in the paper: Is it possible to distinguish suspected phishing sites from genuine sites simply by searching for look-alikes? It would be prudent to keep humans in the loop to avoid liability issues surrounding false positives, and it would be wise to consider the countermeasures that phishers would use to defeat automatic look-alike detection.
Original language: Undefined
Pages (from-to): CR139837
Number of pages: 1
Journal: Computing reviews
Publication status: Published - 9 Feb 2012

Keywords

  • SCS-Cybersecurity
  • IR-79734
  • METIS-285137
  • EWI-21525

Cite this

@article{d2434685809940dba83408b4a94ab2ec,
title = "Review of {"}Smartening the crowds: computational techniques for improving human verification to fight phishing scams, by Liu G., Xiang G., Pendleton B., Hong J., Liu W.{"}. - In: Proceedings of the 7th Symposium on Usable Privacy and Security, Pittsburgh, PA, July 20-22, 2011",
abstract = "A good phishing site should resemble the target site as much as possible, and it should hide the differences with the target site, at least to the unsuspecting user. This paper leverages this observation to cluster similar suspected phishing sites. Then, instead of crowd-sourcing the verification of a single suspected phishing site, a whole cluster can be verified at once. This is reported to improve both the timeliness and the accuracy of the results on the basis of an experiment with 239 participants. Unfortunately, the control group and the experimental group had a large overlap (174 participants). The authors argue that this does not invalidate the results because of minimal learning effects, but they have no evidence for this. I believe that the main contribution of the paper is putting forward the idea of clustering similar suspected phishing sites. The paper shows that such clusters abound and that standard techniques (for example, shingling) are effective in discovering those clusters. This suggests important further research not identified in the paper: Is it possible to distinguish suspected phishing sites from genuine sites simply by searching for look-alikes? It would be prudent to keep humans in the loop to avoid liability issues surrounding false positives, and it would be wise to consider the countermeasures that phishers would use to defeat automatic look-alike detection.",
keywords = "SCS-Cybersecurity, IR-79734, METIS-285137, EWI-21525",
author = "Hartel, {Pieter H.}",
note = "Book title: Proceedings of the 7th Symposium on Usable Privacy and Security, Pittsburgh, PA, July 20-22, 2011",
year = "2012",
month = "2",
day = "9",
language = "Undefined",
pages = "CR139837",
journal = "Computing reviews",
issn = "0010-4884",
publisher = "Association for Computing Machinery (ACM)",
}
