By Topic

Building Anti-Phishing Browser Plug-Ins: An Experience Report

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Raffetseder, T. ; Tech. Univ. of Vienna, Vienna ; Kirda, E. ; Kruegel, C.

Phishing is an online identity theft that aims to steal sensitive information such as user names, passwords, and credit card numbers. Although phishing is a simple social engineering attack, it has proven to be surprisingly effective. Hence, the number of phishing scams is continuing to grow, and the costs of the resulting damages is increasing. Researchers as well as the IT industry have identified the urgent need for anti-phishing solutions and recently, a number of solutions to mitigate phishing attacks have been proposed. Several of these approaches are browser plug- ins. In 2005, we implemented a Firefox anti-phishing browser plug-in called AntiPhish. After releasing AntiPhish, we decided to port it to the Microsoft Internet Explorer (IE) browser. Supporting IE was important because a majority of Internet users are accessing the web with this browser. Our initial expectation at the beginning of the project was that porting a browser plug-in that is written for Firefox to IE could not be too difficult; after all, browser plug-ins are conceptually similar. However, creating an anti-phishing browser plug-in for the IE proved to be much more challenging than expected. In this paper, we report on our experience in implementing anti-phishing (i.e., security) browser plug-ins and summarize five lessons we learned from our undertaking.

Published in:

Software Engineering for Secure Systems, 2007. SESS '07: ICSE Workshops 2007. Third International Workshop on

Date of Conference:

20-26 May 2007