A Dual Approach to Detect Pharming Attacks at the Client-Side

Gastellier-Prevost, Sophie; Granadillo, Gustavo Gonzalez; Laurent, Maryline

doi:10.1109/ntms.2011.5721063

Cited by 17 publications

(25 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If it matches the IP address, then it will be consider as genuine page. [6] When installing the software, the software could have its own thirdparty DNS server or the user will be asked to choose it (e.g. OpenDNS, Google DNS, etc.).…”

Section: Pharming Attack Descriptionmentioning

confidence: 99%

See 1 more Smart Citation

Client Side Pharming Attacks Detection using Authoritative Domain Name Servers

Alfayoumi¹,

Barhoom²

2015

IJCA

View full text Add to dashboard Cite

Pharming attacks can be performed at the client-side or into the internet. In pharming attack, attackers need not targeting individual user. If pharming is performed by modifying the DNS entries, than it will be affecting to all users who is accessing the web page through that DNS. We propose an approach to protect user at client-side from pharming attacks by comparing IP addresses, using information provided by local DNS server and a list of IP's provided by the domain's Authenticated Name Servers which are the most trusted DNS servers for a domain.

show abstract

Section: Pharming Attack Descriptionmentioning

confidence: 99%

“…Its recommend the user to choose a third-party DNS server different from his IS. [6] Issues:  It will slow down the browsing speed, as for each and every site it is sending request to two different DNS server.…”

Section: Pharming Attack Descriptionmentioning

confidence: 99%

Client Side Pharming Attacks Detection using Authoritative Domain Name Servers

Alfayoumi¹,

Barhoom²

2015

IJCA

View full text Add to dashboard Cite

show abstract

“…Our proposal intends to be integrated into the web browsers (see Figure 1) using two components [11] :…”

Section: Framework Descriptionmentioning

confidence: 99%

“…In a previous paper [11], we introduced a dual approach to provide an anti-pharming protection integrated into the client's browser. In this paper, we propose an advanced approach -that combines both an IP address check and a webpage content analysis, using the information provided by multiple DNS servers -with substantial results that demonstrate its accuracy and effectiveness to detect pharming attacks at the client-side.…”

Section: Introductionmentioning

confidence: 99%

Defeating pharming attacks at the client-side

Gastellier-Prevost

Laurent

2011

2011 5th International Conference on Network and System Security

Self Cite

View full text Add to dashboard Cite

International audienceWith the deployment of "always-connected" broadband Internet access, personal networks are a privileged target for attackers and DNS-based corruption. Pharming attacks - an enhanced version of phishing attacks - aim to steal users' credentials by redirecting them to a fraudulent login website, using DNS-based techniques that make the attack imperceptible to the end-user. In this paper, we define an advanced approach to alert the end-user in case of pharming attacks at the client-side. With a success rate over 95%, we validate a solution that can help differentiating legitimate from fraudulent login websites, based on a dual-step analysis (IP address check and webpage content comparison) performed using multiple DNS servers informatio

show abstract

“…(i) Many multifactor authentication mechanisms do not protect against man-in-the-middle attacks (through phishing or pharming, for example, [5,6]). A phishing attacker may get the additional authentication codes the same way as he/she gets the traditional credentials.…”

Section: Introductionmentioning

confidence: 99%

CLAS: A Novel Communications Latency Based Authentication Scheme

Dou

Khalil²,

Khreishah

2017

Security and Communication Networks

View full text Add to dashboard Cite

We design and implement a novel communications latency based authentication scheme, dubbed CLAS, that strengthens the security of state-of-the-art web authentication approaches by leveraging the round trip network communications latency (RTL) between clients and authenticators. In addition to the traditional credentials, CLAS profiles RTL values of clients and uses them to defend against password compromise. The key challenges are (i) to prevent RTL manipulation, (ii) to alleviate network instabilities, and (iii) to address mobile clients. CLAS addresses the first challenge by introducing a novel network architecture, which makes it extremely difficult for attackers to simulate legitimate RTL values. The second challenge is addressed by outlier removal and multiple temporal profiling, while the last challenge is addressed by augmenting CLAS with out-of-band-channels or other authentication schemes. CLAS restricts login to profiled locations while demanding additional information for nonprofiled ones, which highly reduces the attack surface even when the legitimate credentials are compromised. Additionally, unlike many state-ofthe-art authentication mechanisms, CLAS is resilient to phishing, pharming, man-in-the-middle, and social engineering attacks. Furthermore, CLAS is transparent to users and incurs negligible overhead. The experimental results show that CLAS can achieve very low false positive and false negative rates.

show abstract

A Dual Approach to Detect Pharming Attacks at the Client-Side

Cited by 17 publications

References 11 publications

Client Side Pharming Attacks Detection using Authoritative Domain Name Servers

Client Side Pharming Attacks Detection using Authoritative Domain Name Servers

Defeating pharming attacks at the client-side

CLAS: A Novel Communications Latency Based Authentication Scheme

Contact Info

Product

Resources

About