TY - GEN
T1 - Secure web referral service
AU - Nagarajan, Vijayakrishnan
AU - Huang, Dijiang
PY - 2012/5/11
Y1 - 2012/5/11
N2 - Security has become a major concern while browsing as the number of malicious sites keeps increasing with the cost for hosting a site decreasing. Though most of the web servers use Secure Socket Layer (SSL) over HTTP (Hyper Text Transfer Protocol) to ensure trust between consumers and providers, SSL is vulnerable to Man-In-The-Middle (MITM) attack and becoming very common these days. Phishing is another major problem, which has increased rapidly over the years. In this paper we present a novel secure web referral service using Secure Search Engine (SSE), which would resolve phishing and MITM attacks for web based applications. SSE is based on web crawling technology with a set of checking services to validate IP addresses and certificate chains. Additionally, we present a novel phishing filter that can be used to check any given URLs with minimal delay. Our solution is non-intrusive and reduces human factors, which are commonly in existing web-based services, in security verification processes. Our evaluation shows that our solutions produce less false positive and false negative than existing web browser-based anti-phishing solutions.
AB - Security has become a major concern while browsing as the number of malicious sites keeps increasing with the cost for hosting a site decreasing. Though most of the web servers use Secure Socket Layer (SSL) over HTTP (Hyper Text Transfer Protocol) to ensure trust between consumers and providers, SSL is vulnerable to Man-In-The-Middle (MITM) attack and becoming very common these days. Phishing is another major problem, which has increased rapidly over the years. In this paper we present a novel secure web referral service using Secure Search Engine (SSE), which would resolve phishing and MITM attacks for web based applications. SSE is based on web crawling technology with a set of checking services to validate IP addresses and certificate chains. Additionally, we present a novel phishing filter that can be used to check any given URLs with minimal delay. Our solution is non-intrusive and reduces human factors, which are commonly in existing web-based services, in security verification processes. Our evaluation shows that our solutions produce less false positive and false negative than existing web browser-based anti-phishing solutions.
UR - http://www.scopus.com/inward/record.url?scp=84860680477&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84860680477&partnerID=8YFLogxK
U2 - 10.1109/ICOIN.2012.6164348
DO - 10.1109/ICOIN.2012.6164348
M3 - Conference contribution
AN - SCOPUS:84860680477
SN - 9781467302517
T3 - International Conference on Information Networking
SP - 53
EP - 58
BT - International Conference on Information Networking 2012, ICOIN 2012 - Conference Program
T2 - 26th International Conference on Information Networking 2012, ICOIN 2012
Y2 - 1 February 2012 through 3 February 2012
ER -