We previously published a paper describing the details and usability of an earlier version of AuntieTuna (v0.0.3).
Calvin Ardi and John Heidemann 2016. AuntieTuna: Personalized Content-Based Phishing Detection. Proceedings of the NDSS Workshop on Usable Security (San Diego, California, USA, Feb. 2016).
Phishing sites masquerade as copies of legitimate sites (“targets”) to fool people into sharing sensitive information that can then be used for fraud. Current phishing defenses can be ineffective, with training ignored, blacklists of discovered, bad sites too slow to pick up new threats, and whitelists of known-good sites too limiting. We have developed a new technique that automatically builds personalized lists of target sites (candidates that may be copied by phish) and then tests sites as a user browses them. Our approach uses cryptographic hashing of the browser’s Document Object Model (DOM) of each page, providing a zero false positive rate and identifying more than half of detectable phish in a controlled study. Since each user develops a customized list of target sites, our approach presents a diverse defense against phishers. We have prototyped our approach as a Chrome browser plugin called AuntieTuna, emphasizing usability through automated and simple manual addition of target sites and clean reports of potential phish that include context about the targeted site. AuntieTuna does not slow web browsing time and presents alerts on phishing pages before users can divulge information. Our plugin has been used by a few users for months and is open-source.
@inproceedings{Ardi16a,
author = {Ardi, Calvin and Heidemann, John},
title = {{AuntieTuna}: Personalized Content-Based Phishing Detection},
booktitle = {Proceedings of the NDSS Workshop on Usable Security},
year = {2016},
sortdate = {2016-02-21},
month = feb,
publisher = {The Internet Society},
address = {San Diego, California, USA},
url = {http://www.isi.edu/%7ejohnh/PAPERS/Ardi16a.html},
pdfurl = {http://www.isi.edu/%7ejohnh/PAPERS/Ardi16a.pdf},
codeurl = {https://ant.isi.edu/software/antiphish/},
keywords = {phishing}
}
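The abstract's idea of hashing DOM content from a user's own target sites and testing later pages against those hashes can be sketched as follows. This is an added example, not AuntieTuna's code: the tree model standing in for the DOM, the chunking by element text, SHA-256, both thresholds and all names and domains are assumptions made for illustration.

```javascript
const { createHash } = require('crypto');

const MIN_CHUNK_LEN = 20;  // assumption: ignore short, generic text such as "Sign in"
const MATCH_THRESHOLD = 2; // assumption: shared chunks required before alerting

// Text of a node and its descendants (similar to DOM textContent).
function textOf(node) {
  return typeof node === 'string' ? node : (node.children || []).map(textOf).join(' ');
}

// SHA-256 of the whitespace-normalized text of every sufficiently long element.
function chunkHashes(root) {
  const out = new Set();
  (function walk(node) {
    if (typeof node === 'string') return;
    const text = textOf(node).replace(/\s+/g, ' ').trim();
    if (text.length >= MIN_CHUNK_LEN) out.add(createHash('sha256').update(text).digest('hex'));
    (node.children || []).forEach(walk);
  })(root);
  return out;
}

// Personalized list: chunk hash -> domain of the known-good page it came from.
class TargetList {
  constructor() { this.byHash = new Map(); }
  addTarget(domain, dom) {
    for (const h of chunkHashes(dom)) if (!this.byHash.has(h)) this.byHash.set(h, domain);
  }
  // Counts chunks a visited page shares with a target hosted on a different domain.
  check(domain, dom) {
    const counts = new Map();
    for (const h of chunkHashes(dom)) {
      const owner = this.byHash.get(h);
      if (owner && owner !== domain) counts.set(owner, (counts.get(owner) || 0) + 1);
    }
    let best = { suspect: false, target: null, shared: 0 };
    for (const [target, shared] of counts) {
      if (shared > best.shared) best = { suspect: shared >= MATCH_THRESHOLD, target, shared };
    }
    return best;
  }
}

// Constructed sample pages; el() builds a plain-object stand-in for a DOM element.
const el = (tag, ...children) => ({ tag, children });
const LOGIN = [el('h1', 'Welcome to Example Bank online banking'),
  el('form', el('p', 'Enter your customer number and password'),
    el('p', 'Never share your one-time passcode with anyone'))];
const BANK = el('body', ...LOGIN);
const COPY = el('body', ...LOGIN, el('p', 'Session secured by our new verification portal'));
```

Because only exact hash matches count and the target's own domain is excluded, a page raises an alert only when it reproduces target content verbatim on another domain; a copy that rewrites every chunk produces no match.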