Building Anti-Phishing Browser Plug-Ins: An Experience Report

S
SESS
2007
Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007)
Abstract - Building Anti-Phishing Browser Plug-Ins: An Experience Report

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Thomas Raffetseder Articles by Engin Kirda Articles by Christopher Kruegel

Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007)

Minneapolis, Minnesota

May 20-May 26

ISBN: 0-7695-2952-6

	ASCII Text	x
	Thomas Raffetseder, Engin Kirda, Christopher Kruegel, "Building Anti-Phishing Browser Plug-Ins: An Experience Report," Software Engineering for Secure Systems, International Workshop on, pp. 6, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007), 2007.

	BibTex	x
	@article{ 10.1109/SESS.2007.6, author = {Thomas Raffetseder and Engin Kirda and Christopher Kruegel}, title = {Building Anti-Phishing Browser Plug-Ins: An Experience Report}, journal ={Software Engineering for Secure Systems, International Workshop on}, volume = {0}, year = {2007}, isbn = {0-7695-2952-6}, pages = {6}, doi = {http://doi.ieeecomputersociety.org/10.1109/SESS.2007.6}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Software Engineering for Secure Systems, International Workshop on TI - Building Anti-Phishing Browser Plug-Ins: An Experience Report SN - 0-7695-2952-6 SP EP A1 - Thomas Raffetseder, A1 - Engin Kirda, A1 - Christopher Kruegel, PY - 2007 KW - Phishing KW - Security KW - Browser Helper Objects KW - .NET KW - Internet Explorer KW - Firefox VL - 0 JA - Software Engineering for Secure Systems, International Workshop on ER -

Thomas Raffetseder, Technical University of Vienna, Austria

Engin Kirda, Technical University of Vienna, Austria

Christopher Kruegel, Technical University of Vienna, Austria

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SESS.2007.6

Phishing is an online identity theft that aims to steal sensitive information such as user names, passwords, and credit card numbers. Although phishing is a simple social engineering attack, it has proven to be surprisingly effective. Hence, the number of phishing scams is continuing to grow, and the costs of the resulting damages is increasing. Researchers as well as the IT industry have identified the urgent need for anti-phishing solutions and recently, a number of solutions to mitigate phishing attacks have been proposed. Several of these approaches are browser plugins.

In 2005, we implemented a Firefox anti-phishing browser plug-in called AntiPhish. After releasing AntiPhish, we decided to port it to the Microsoft Internet Explorer (IE) browser. Supporting IE was important because a majority of Internet users are accessing the web with this browser. Our initial expectation at the beginning of the project was that porting a browser plug-in that is written for Firefox to IE could not be too difficult; after all, browser plug-ins are conceptually similar. However, creating an anti-phishing browser plug-in for the IE proved to be much more challenging than expected. In this paper, we report on our experience in implementing anti-phishing (i.e., security) browser plug-ins and summarize five lessons we learned from our undertaking.

Index Terms:

Phishing, Security, Browser Helper Objects, .NET, Internet Explorer, Firefox

Citation:

Thomas Raffetseder, Engin Kirda, Christopher Kruegel, "Building Anti-Phishing Browser Plug-Ins: An Experience Report," sess, pp.6, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.