PhishNet: Predictive Blacklisting Quiz

Questions and Answers

What is the primary purpose of PhishNet?

• To secure user passwords from theft
• To prevent all forms of cyberattacks
• To create a comprehensive list of all websites
• To identify phishing attacks using predictive blacklisting (correct)

Which method does PhishNet employ to detect new phishing sites?

• Exact match with pre-defined blacklisted entries
• Combining heuristics from blacklisted sites (correct)
• Machine learning algorithms for user behavior
• Using behavioral analysis of browsing patterns

Which component of PhishNet is responsible for identifying malicious URLs?

• Component II: predicting malicious URLs
• Component I: predicting URLs (correct)
• Component II: exact matching
• Component I: approximate matching

Which heuristic is NOT mentioned as part of PhishNet's process?

User feedback analysis (C)

What type of matching algorithm does PhishNet propose to evaluate URLs?

Approximate matching algorithm (D)

Flashcards are hidden until you start studying

Study Notes

PhishNet

• PhishNet is a predictive blacklisting scheme used to detect phishing attacks.
• Traditional blacklisting approaches are easily evaded by attackers because they rely on exact matches with blacklisted entries.
• PhishNet utilizes five heuristics: top-level domains, IP address, directory structure, query string, and brand name.
• PhishNet combines blacklisted sites using these heuristics to identify new phishing sites.
• PhishNet employs an approximate matching algorithm to determine if a URL is a phishing site.
• PhishNet has two main components:
  • Component I: Predicting malicious URLs.
  • Component II: Approximate matching.