Visual similarity-based phishing detection without victim site information

Hara, Masanori; Yamada, Akira; Miyake, Yutaka

doi:10.1109/cicybs.2009.4925087

Cited by 70 publications

(36 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous solutions involve clustering according to colors, fonts, and layout [27] to identify phishing sites visually similar to trusted sites. Hara et al [15] show that, given a large enough dataset of phishing sites, it is possible to automatically infer the site they are mimicking. These solutions are effective as long as the phishing attack is trying to mimic the aspect of a trusted website, but they do not cover other scam categories, such as fake pharmacies, dubious online retailers, or rogue antiviruses.…”

Section: Related Workmentioning

confidence: 99%

Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection

Corbetta

Invernizzi

Kruegel

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. With JavaScript and images at their disposal, web authors can create content that is immediately understandable to a person, but is beyond the direct analysis capability of computer programs, including security tools. Conversely, information can be deceiving for humans even if unable to fool a program. In this paper, we explore the discrepancies between user perception and program perception, using content obfuscation and counterfeit "seal" images as two simple but representative case studies. In a dataset of 149,700 pages we found that benign pages rarely engage in these practices, while uncovering hundreds of malicious pages that would be missed by traditional malware detectors. We envision that this type of heuristics could be a valuable addition to existing detection systems. To show this, we have implemented a proofof-concept detector that, based solely on a similarity score computed on our metrics, can already achieve a high precision (95%) and a good recall (73%).

show abstract

Section: Related Workmentioning

confidence: 99%

Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection

Corbetta

Invernizzi

Kruegel

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…To make the fast accessing system, I have defined the study points for the best possible solution. The studied criteria for the phishing have collected from the previous study [26,27,28]. Following are the study points of phishing criteria and the reason for taking these study points are discussed herewith.…”

Section: Research Criteria Of Url Content and Image Matchingmentioning

confidence: 99%

Experimental Analysis of Browser based Novel Anti-Phishing System Tool at Educational Level

Gupta¹,

Shukla²

2016

IJITCS

View full text Add to dashboard Cite

Abstract-In the phishing attack, the user sends their confidential information on mimic websites and face the financial problem, so the user should be informed immediately about the visiting website. According to the Third Quarter Phishing Activity Trends Report, there are 55,282 new phishing websites have been detected in the month of July 2014. To solve the phishing problem, a browser based add-on system may be one of the best solution to aware the user about the website type. In this paper, a novel browser based add-on system is proposed and compared its performance with the existing antiphishing tools. The proposed anti-phishing tool 'ePhish' is compared with the existing browser based antiphishing toolbars. All the anti-phishing tools have been installed in computer systems at an autonomous college to check their performance. The obtained result shows that if the task is divided into a group of systems, it can give better results. For different phishing features, the add-on system tool show around 97 percentage successful results at different case conditions. The current study would be very helpful to countermeasure the phishing attach and the proposed system is able to protect the user by phishing attacks. Since the system tool is capable of handling and managing the phishing website details, so it would be helpful to identify the category of the websites.

show abstract

“…Using this approach the researchers are able to classify fragments of a file, or embedded files to determine a file type; thus providing a key mitigation mechanism for common file masquerading attacks. Research conducted in [Hara et al 2009] shows how using simple methods to determine integrity, by checking and comparing visual similarity-bsaed phishing can provide accurate and effective results. The researchers demonstrate that by analysing the similarity between visual components in a website, without prior knowledge that it is an attack platform, they are able to automatically determine specific templating of websites that have been spoofed by a large degree of phishes sites.…”

Section: Technicalmentioning

confidence: 99%

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

2015

View full text Add to dashboard Cite

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.

show abstract

Visual similarity-based phishing detection without victim site information

Cited by 70 publications

References 7 publications

Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection

Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection

Experimental Analysis of Browser based Novel Anti-Phishing System Tool at Educational Level

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

Contact Info

Product

Resources

About