622 research outputs found
DeltaPhish: Detecting Phishing Webpages in Compromised Websites
The large-scale deployment of modern phishing attacks relies on the automatic
exploitation of vulnerable websites in the wild, to maximize profit while
hindering attack traceability, detection and blacklisting. To the best of our
knowledge, this is the first work that specifically leverages this adversarial
behavior for detection purposes. We show that phishing webpages can be
accurately detected by highlighting HTML code and visual differences with
respect to other (legitimate) pages hosted within a compromised website. Our
system, named DeltaPhish, can be installed as part of a web application
firewall, to detect the presence of anomalous content on a website after
compromise, and eventually prevent access to it. DeltaPhish is also robust
against adversarial attempts in which the HTML code of the phishing page is
carefully manipulated to evade detection. We empirically evaluate it on more
than 5,500 webpages collected in the wild from compromised websites, showing
that it is capable of detecting more than 99% of phishing webpages, while only
misclassifying less than 1% of legitimate pages. We further show that the
detection rate remains higher than 70% even under very sophisticated attacks
carefully designed to evade our system.Comment: Preprint version of the work accepted at ESORICS 201
VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity
Phishing websites are still a major threat in today's Internet ecosystem.
Despite numerous previous efforts, similarity-based detection methods do not
offer sufficient protection for the trusted websites - in particular against
unseen phishing pages. This paper contributes VisualPhishNet, a new
similarity-based phishing detection framework, based on a triplet Convolutional
Neural Network (CNN). VisualPhishNet learns profiles for websites in order to
detect phishing websites by a similarity metric that can generalize to pages
with new visual appearances. We furthermore present VisualPhish, the largest
dataset to date that facilitates visual phishing detection in an ecologically
valid manner. We show that our method outperforms previous visual similarity
phishing detection approaches by a large margin while being robust against a
range of evasion attacks
Counteracting Phishing Page Polymorphism: An Image Layout Analysis Approach
Abstract. Many visual similarity-based phishing page detectors have been developed to detect phishing webpages, however, scammers now cre-ate polymorphic phishing pages to breach the defense of those detectors. We call this kind of countermeasure phishing page polymorphism. Poly-morphic pages are visually similar to genuine pages they try to mimic, but they use different representation techniques. It increases the level of difficulty to detect phishing pages. In this paper, we propose an effective detection mechanism to detect polymorphic phishing pages. In contrast to existing approaches, we analyze the layout of webpages rather than the HTML codes, colors, or content. Specifically, we compute the sim-ilarity degree of a suspect page and an authentic page through image processing techniques. Then, the degrees of similarity are ranked by a classifier trained to detect phishing pages. To verify the efficacy of our phishing detection mechanism, we collected 6, 750 phishing pages and 312 mimicked targets for the performance evaluation. The results show that our method achieves an excellent detection rate of 99.6%.
Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies
Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed
Detecting Cloud-Based Phishing Attacks by Combining Deep Learning Models
Web-based phishing attacks nowadays exploit popular cloud web hosting
services and apps such as Google Sites and Typeform for hosting their attacks.
Since these attacks originate from reputable domains and IP addresses of the
cloud services, traditional phishing detection methods such as IP reputation
monitoring and blacklisting are not very effective. Here we investigate the
effectiveness of deep learning models in detecting this class of cloud-based
phishing attacks. Specifically, we evaluate deep learning models for three
phishing detection methods--LSTM model for URL analysis, YOLOv2 model for logo
analysis, and triplet network model for visual similarity analysis. We train
the models using well-known datasets and test their performance on phishing
attacks in the wild. Our results qualitatively explain why the models succeed
or fail. Furthermore, our results highlight how combining results from the
individual models can improve the effectiveness of detecting cloud-based
phishing attacks
A Review on Malicious URL Detection using Machine Learning Systems
Malicious web sites pretendsignificant danger to desktop security and privacy.These links become instrumental in giving partial or full system control to the attackers. This results in victim systems, which get easily infected and, attackers can utilize systems for various cyber-crimes such as stealing credentials, spamming, phishing, denial-of-service and many more such attack. Detection of such website is difficult because of thephishing campaigns and the efforts to avoid blacklists.To look for malicious URLs, the first step is usually to gather URLs that are liveon the Internet. There are various stages to detect this URLs such as collection of dataset, extracting feature using different feature extraction techniques and Classification of extracted feature. This paper focus on comparative analysis of malicious URL detection techniques
NoFish; Total Anti-Phishing Protection System
Phishing attacks have been identified by researchers as one of the major cyber-attack vectors which the general public has to face today. Although software companies launch new anti-phishing products, these products cannot prevent all the phishing attacks. The proposed solution, 201C;No Fish201D; is a total anti-phishing protection system created especially for end-users as well as for organizations. In this paper, a realtime anti-phishing system, which has been implemented using four main phishing detection mechanisms, is proposed. The system has the following distinguishing properties from related studies in the literature: language independence, use of a considerable amount of phishing and legitimate data
- …