GlyphNet: Homoglyph domains dataset and detection using attention-based Convolutional Neural Networks

Cyber attacks deceive machines into believing something that does not exist in the first place. However, there are some to which even humans fall prey. One such famous attack that attackers have used over the years to exploit the vulnerability of vision is known to be a Homoglyph attack. It employs a primary yet effective mechanism to create illegitimate domains that are hard to differentiate from legit ones. Moreover, as the difference is pretty indistinguishable for a user to notice, they cannot stop themselves from clicking on these homoglyph domain names. In many cases, that results in either information theft or malware attack on their systems. Existing approaches use simple, string-based comparison techniques applied in primary language-based tasks. Although they are impactful to some extent, they usually fail because they are not robust to different types of homoglyphs and are computationally not feasible because of their time requirement proportional to the string length. Similarly, neural network-based approaches are employed to determine real domain strings from fake ones. Nevertheless, the problem with both methods is that they require paired sequences of real and fake domain strings to work with, which is often not the case in the real world, as the attacker only sends the illegitimate or homoglyph domain to the vulnerable user. Therefore, existing approaches are not suitable for practical scenarios in the real world. In our work, we created GlyphNet, an image dataset that contains 4M domains, both real and homoglyphs. Additionally, we introduce a baseline method for a homoglyph attack detection system using an attention-based convolutional Neural Network. We show that our model can reach state-of-the-art accuracy in detecting homoglyph attacks with a 0.93 AUC on our dataset

VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity

Phishing websites are still a major threat in today's Internet ecosystem. Despite numerous previous efforts, similarity-based detection methods do not offer sufficient protection for the trusted websites - in particular against unseen phishing pages. This paper contributes VisualPhishNet, a new similarity-based phishing detection framework, based on a triplet Convolutional Neural Network (CNN). VisualPhishNet learns profiles for websites in order to detect phishing websites by a similarity metric that can generalize to pages with new visual appearances. We furthermore present VisualPhish, the largest dataset to date that facilitates visual phishing detection in an ecologically valid manner. We show that our method outperforms previous visual similarity phishing detection approaches by a large margin while being robust against a range of evasion attacks

An Experiment to Create Awareness in People concerning Social Engineering Attacks

Social Engineering is the technique of obtaining confidential information from users, in a fraudulent way, with the purpose of using it against themselves, or against the organizations where they work. This study presents an experiment focused on raising awareness about the consequences of this type of attack, by executing a controlled attack on trustworthy people. To accomplish this, we have carried out a set of activities or tricks that attackers use to obtain information, inspiring the curiosity of social network contacts to visit a personal blog with fictitious information. In addition to this human interaction, a hidden plug-in has been installed to collect user information such as his IP address, country, operative system, and browser type. With the information collected, a pentesting attack has been done to ports 80 and 22, in order to collect more information. Finally, the results were shown to the victims. In addition, after the attack, users were surveyed about their knowledge of Phishing or Social Engineering. The results demonstrate that only 2% of people suspected or asked about the real reason to visit the Blog. Furthermore, it reveals that the people, who visited the blog, don not have any knowledge and awareness of how to steal sensitive information in a relatively simple way.La Ingeniería Social es la técnica que permite obtener información confidencial de los usuarios, de manera fraudulenta, con la finalidad de usarla en contra de ellos mismos, o de las organizaciones en las que laboran.  Este estudio presenta un experimento enfocado a crear conciencia acerca de las consecuencias de este tipo de ataque, mediante la ejecución de un ataque controlado a personas de confianza. Para lograrlo, se han llevado a cabo un conjunto de engaños y actividades, que los atacantes usan comúnmente para obtener información sensible, incentivando la curiosidad de los contactos de las redes sociales para que visiten un blog personal con información ficticia. A más de esta interacción humana, se ha instalado un complemento oculto y no deseado, para recolectar información del usuario tales como: su dirección IP, país de origen, sistema operativo y tipo de navegador. Con la información recolectada, se realizó un ataque de escaneo a los puertos 80 (Web server) y 22 (SSH Server), para encontrar más información sensible. Posteriormente, se muestran los resultados a las víctimas. Además, luego del ataque se realizó una encuesta a los usuarios acerca de su conocimiento de Phishing y de Ingeniería Social.  Los resultados muestran que únicamente el 2% de las personas, sospecharon o preguntaron acerca del verdadero motivo para visitar el Blog. Más aún, demuestra que las personas que visitaron el blog, no tienen conocimiento y conciencia de cómo se puede vulnerar información sensible de una forma relativamente sencilla