Pharming is an advanced form of attack intended to redirect a website's traffic to another, bogus site. Using traditional phishing detecting technologies cannot detect pharming attacks effectively. At present, few research works against pharming attacks have been done and the solutions are relatively rough. Pharming has become of major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures known as anti-pharming are strong required to protect against this serious threat. In this paper we proposed a client pharming attack hybrid detection model which is based on web content and IF addresses. The proposed solution is divided into two steps. At the first step, multiple DNS servers are used to verify the authenticity of the resolved IF address which is corresponding to URL of the webpage. We will step into the second stage when the IP address is identified as suspicious. We present an algorithm to build a classifier which can detect whether the user suffered pharming attacks. The simulation results show that detection rate of the proposed hybrid model is more than 99%.

• 出版日期2015
• 单位华北电力大学; 华北电力大学（保定）