[25.03.26] Security Engineering Laboratory (Advisor: Kim Hyung-sik) – Two Papers Accepted for Oral Sessions at The Web..
- SKKU National Program of Excellence in Software
- Hit333
- 2025-03-28
The Security Engineering Laboratory, under the supervision of Professor Kim Hyung-sik, in collaboration with Professor Kim Doo-won from the University of Tennessee, has had two research papers accepted for oral sessions at The Web Conference (WWW) 2025, one of the premier international conferences in the web domain. In this research, alumnus Lee Ki-ho, a former member of the Security Engineering Laboratory (currently at ETRI), participated as a visiting researcher at the University of Tennessee and collaborated with Professor Kim Hyung-sik.
Both papers, based on extensive empirical data, quantitatively analyze the characteristics and structures of phishing attacks. They have been highly acclaimed for providing a fundamental understanding of phishing attacks and proposing new countermeasures. The presentations are scheduled to take place in May 2025 in Sydney, Australia.
Paper 1. 7 Days Later: Analyzing Phishing-Site Lifespan After Detected
This paper presents an empirical study analyzing the lifetime and evolution of phishing sites after detection. Over a period of five months, 286,237 phishing URLs were tracked at 30-minute intervals to examine the attack patterns of phishing sites, shedding light on why the effectiveness of conventional phishing detection strategies is diminishing.
Phishing sites have a short lifespan—with an average survival time of 54 hours and a median of 5.46 hours—highlighting the limitations of training and detection approaches. For instance, Google Safe Browsing detects phishing sites, on average, 4.5 days after their emergence; however, 84% of phishing sites cease operations before detection, demonstrating the inherent limitations of such detection methods.
Paper 2. What's in Phishers: A Longitudinal Study of Security Configurations in Phishing Websites and Kits
This paper presents a systematic analysis of phishing infrastructure by comprehensively examining the security configurations and structural vulnerabilities based on a combined dataset of 906,731 phishing websites and 13,344 phishing kits collected over a period of 2 years and 7 months. The study has attracted attention for proposing a proactive strategy that leverages the structural weaknesses of phishing sites to neutralize the attack infrastructure, thereby moving away from traditional passive detection and blocking methods and towards an early shutdown approach for phishing sites.