ABSTRACT
In recent years, phishing has become one of the biggest security threats on the Internet. Combating phishing requires multiple steps and multi-agency participation, and therefore urgently needs a uniform data sharing format and unobstructed sharing channels, which are unfortunately exactly what is currently lacking. This paper proposes a novel phishing data sharing mechanism based on a consortium blockchain. It designs four types of nodes (reporting node, accounting node, servicing node and supervising node) and describes the role of each type. It then demonstrates the processes of reporting, accounting and servicing, and designs a post-supervision process that keeps the operation of the mechanism stable and fast; it then discusses the implementation on Hyperledger Fabric. The proposed mechanism includes multi-source reporting, anti-tamper accounting, multi-channel disposal of phishing data, and post-supervision. It provides a platform for multi-party participation, transparent and efficient coordination, and a unified standard, and it overcomes the currently prominent problems of phishing data sharing. The participants on the consortium blockchain all have a strong desire to combat phishing, which makes the proposed mechanism practical and highly feasible.
Index Terms
- PhishLedger: A Decentralized Phishing Data Sharing Mechanism