This paper presents the design of an information-sharing based or server-assisted anti-phishing system. The system follows a client-server architecture and makes decision based on not only client side heuristics but also collective information from multiple clients. When visiting a web site, a client side proxy, installed as a plug-in to a browser, decides on the legitimacy of the web site based on a combination of white list, black list and heuristics. In case the client side proxy does not have sufficient information to make a clear judgment, it reports the suspicious site to a central server which has access to more complete and up to date information and is in a much better position than individual clients to make informed decisions. Our system is designed to counter against deceptive phishing as well as DNS-hijack attack.
展开▼