The goal of our research is to address Internet security problems using passive measurement of Internet traffic. In this project, we focus on a recent security problem: Web phishing. Web phishing is a security attack in which Web users disclose their credentials and personal information to malicious third parties on the Internet. Our project is centered on answering three simple questions about Web phishing: (1) who are the attackers; (2) who are the victims; and (3) how can we detect, prevent, and eradicate these attacks? We plan to answer these questions by analyzing the Internet traffic exchanged by a large population of users, such as all Internet users at the University of Toronto at Mississauga.
We conduct our research while preserving the anonymity and privacy of ALL Internet users. We will investigate these three questions without revealing the identity of the victims or the attackers. For example, we will examine whether Web phishing victims are frequent Internet users, whether they receive a large amount of spam e-mail, and whether they download executable code that can be exploited by a malicious third party. Similarly, we will not identify the attackers. Instead, we will examine whether these attacks come from parts of the Internet with which no other traffic is exchanged (i.e., network address ranges that do not send any traffic other than Web phishing traffic). Answering such questions could provide initial insight into how to build simpler and more effective Web phishing detection and prevention solutions. We would like to emphasize again that we neither inspect nor record the identities of any of the parties whose traffic we are monitoring.
Our Privacy Protocol