Deep Dive into Client-Side Anti-Phishing: A Longitudinal Study Bridging Academia and Industry

Rana Pourmohamad, Steven Wirsz, Adam Oest, Tiffany Bao, Yan Shoshitaishvili, Fish Wang, Adam Doupé, Rida A. Bazzi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Client-side anti-phishing methods are crucial for safeguarding individuals against phishing attacks, offering a proactive approach beyond traditional blocklisting strategies. This study expands the scope to include a comprehensive evaluation of client-side anti-phishing techniques within the Chrome browser, alongside an in-depth analysis of academic research in the field of phishing over the past five years. Our findings highlight the inherent limitations of current client-side anti-phishing measures, which demonstrated a detection rate of only 14% for phishing websites and blocked merely 10% of login-based phishing sites within the first hour, resulting in a substantial false negative rate. Additionally, our analysis reveals that attackers can readily circumvent these defenses by altering the content of phishing websites. The study also critically assesses recent academic contributions to understand their alignment and potential integration with client-side anti-phishing frameworks. Based on these insights, we propose targeted recommendations to enhance the efficacy and responsiveness of the client-side anti-phishing ecosystem, addressing the challenges of low detection coverage, slow response times, and high rates of false negatives.

Original languageEnglish (US)
Title of host publicationACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages638-653
Number of pages16
ISBN (Electronic)9798400704826
DOIs
StatePublished - Jul 1 2024
Event19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024 - Singapore, Singapore
Duration: Jul 1 2024Jul 5 2024

Publication series

NameACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Conference

Conference19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024
Country/TerritorySingapore
CitySingapore
Period7/1/247/5/24

Keywords

  • Blocklist
  • Client-side Anti-Phishing
  • Google SafeBrowsing

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Networks and Communications
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'Deep Dive into Client-Side Anti-Phishing: A Longitudinal Study Bridging Academia and Industry'. Together they form a unique fingerprint.

Cite this