An Anti-Phishing System Employing Diffused Information

Chen, Teh-Chung; Stepan, Torin; Dick, Scott; Miller, James

doi:10.1145/2584680

Cited by 36 publications

(23 citation statements)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some detection methods rely on URL lexical obfuscation characteristics [12], [33] and webpage hosting related features [30], [39] to decide if a webpage is a phish. The visual similarity of a phish with its target was also exploited to detect phishs [31], [40]. Visual similarity analysis presupposes that a potential target is known a priori though, limiting its applicability.…”

Section: Related Workmentioning

confidence: 99%

“…We present the size of the testing sets used to evaluate each system and the provenance of the legitimate set, showing how representative the set is. For example, using popular websites (such as top Alexa sites) [25], [31] as the legitimate set is not representative. The ratio of training to testing instances (Train/Test) indicates the scalability of the method and the ratio of legitimate to phishing instances (Leg/Phish) shows the extent to which the experiments represent a real world distribution (≈ 100/1) [2], [27].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

Marchal

Armano²,

Gröndahl

et al. 2017

IEEE Trans. Comput.

View full text Add to dashboard Cite

Abstract-Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

Marchal

Armano²,

Gröndahl

et al. 2017

IEEE Trans. Comput.

View full text Add to dashboard Cite

show abstract

“…HTML analysis has also been exploited to this end, often complemented by the use of search engines to identify phishing pages with similar text and page layout [24,28], or by the analysis of the pages linked to (or by) the suspect pages [29]. The main difference with target-independent approaches is that most of the target-dependent approaches have considered measures of visual similarity between webpage snapshots or embedded images, using a wide range of image analysis techniques, mostly based on computing lowlevel visual features, including color histograms, twodimensional Haar wavelets, and other well-known image descriptors normally exploited in the field of computer vision [30,31,12,13]. Notably, only few work has considered the combination of both HTML and visual characteristics [11,32].…”

Section: Phishing Webpage Detectionmentioning

confidence: 99%

“…2). Most of them are based on comparing the candidate phishing webpage against a set of known targets [10,11], or on extracting some generic features to discriminate between phishing and legitimate webpages [12,14].…”

Section: Introductionmentioning

confidence: 99%

DeltaPhish: Detecting Phishing Webpages in Compromised Websites

Corona

Biggio

Contini

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The large-scale deployment of modern phishing attacks relies on the automatic exploitation of vulnerable websites in the wild, to maximize profit while hindering attack traceability, detection and blacklisting. To the best of our knowledge, this is the first work that specifically leverages this adversarial behavior for detection purposes. We show that phishing webpages can be accurately detected by highlighting HTML code and visual differences with respect to other (legitimate) pages hosted within a compromised website. Our system, named DeltaPhish, can be installed as part of a web application firewall, to detect the presence of anomalous content on a website after compromise, and eventually prevent access to it. DeltaPhish is also robust against adversarial attempts in which the HTML code of the phishing page is carefully manipulated to evade detection. We empirically evaluate it on more than 5,500 webpages collected in the wild from compromised websites, showing that it is capable of detecting more than 99% of phishing webpages, while only misclassifying less than 1% of legitimate pages. We further show that the detection rate remains higher than 70% even under very sophisticated attacks carefully designed to evade our system.

show abstract

“…One approach is to compare the content of presumed phishing Web pages with the original Web page being phished as in [30], [31], [32], [33], [34]. The main shortcoming of such a method is that the site being phished must be first identified.…”

Section: Related Workmentioning

confidence: 99%

PhishStorm: Detecting Phishing With Streaming Analytics

Marchal

Jérôme

State

et al. 2014

IEEE Trans. Netw. Serv. Manage.

169

View full text Add to dashboard Cite

Abstract-Despite the growth of prevention techniques, phishing remains an important threat since the principal countermeasures in use are still based on reactive URL blacklisting. This technique is inefficient due to the short lifetime of phishing Web sites, making recent approaches relying on real-time or proactive phishing URLs detection techniques more appropriate. In this paper we introduce PhishStorm, an automated phishing detection system that can analyse in real-time any URL in order to identify potential phishing sites. PhishStorm can interface with any email server or HTTP proxy. We argue that phishing URLs usually have few relationships between the part of the URL that must be registered (low level domain) and the remaining part of the URL (upper level domain, path, query). We show in this paper that experimental evidence supports this observation and can be used to detect phishing sites. For this purpose, we define the new concept of intra-URL relatedness and evaluate it using features extracted from words that compose a URL based on query data from Google and Yahoo search engines. These features are then used in machine learning based classification to detect phishing URLs from a real dataset. Our technique is assessed on 96,018 phishing and legitimate URLs that results in a correct classification rate of 94.91% with only 1.44% false positives. An extension for a URL phishingness rating system exhibiting high confidence rate (> 99%) is proposed. We discuss in the paper efficient implementation patterns that allow real time analytics using Big Data architectures like STORM and advanced data structures based on Bloom filter.

show abstract

An Anti-Phishing System Employing Diffused Information

Cited by 36 publications

References 59 publications

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

DeltaPhish: Detecting Phishing Webpages in Compromised Websites

PhishStorm: Detecting Phishing With Streaming Analytics

Contact Info

Product

Resources

About