GlyphNet: Homoglyph domains dataset and detection using attention-based Convolutional Neural Networks
Cyber attacks deceive machines into believing something that does not exist
in the first place. However, there are some to which even humans fall prey. One
such famous attack that attackers have used over the years to exploit the
vulnerability of vision is known to be a Homoglyph attack. It employs a primary
yet effective mechanism to create illegitimate domains that are hard to
differentiate from legit ones. Moreover, as the difference is pretty
indistinguishable for a user to notice, they cannot stop themselves from
clicking on these homoglyph domain names. In many cases, that results in either
information theft or malware attack on their systems. Existing approaches use
simple, string-based comparison techniques applied in primary language-based
tasks. Although they are impactful to some extent, they usually fail because
they are not robust to different types of homoglyphs and are computationally
not feasible because of their time requirement proportional to the string
length. Similarly, neural network-based approaches are employed to determine
real domain strings from fake ones. Nevertheless, the problem with both methods
is that they require paired sequences of real and fake domain strings to work
with, which is often not the case in the real world, as the attacker only sends
the illegitimate or homoglyph domain to the vulnerable user. Therefore,
existing approaches are not suitable for practical scenarios in the real world.
In our work, we created GlyphNet, an image dataset that contains 4M domains,
both real and homoglyphs. Additionally, we introduce a baseline method for a
homoglyph attack detection system using an attention-based convolutional Neural
Network. We show that our model can reach state-of-the-art accuracy in
detecting homoglyph attacks with a 0.93 AUC on our dataset.
VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity
Phishing websites are still a major threat in today's Internet ecosystem.
Despite numerous previous efforts, similarity-based detection methods do not
offer sufficient protection for the trusted websites - in particular against
unseen phishing pages. This paper contributes VisualPhishNet, a new
similarity-based phishing detection framework, based on a triplet Convolutional
Neural Network (CNN). VisualPhishNet learns profiles for websites in order to
detect phishing websites by a similarity metric that can generalize to pages
with new visual appearances. We furthermore present VisualPhish, the largest
dataset to date that facilitates visual phishing detection in an ecologically
valid manner. We show that our method outperforms previous visual similarity
phishing detection approaches by a large margin while being robust against a
range of evasion attacks.
An Experiment to Create Awareness in People concerning Social Engineering Attacks
Social Engineering is the technique of obtaining confidential information from users, in a fraudulent way, with the purpose of using it against themselves, or against the organizations where they work. This study presents an experiment focused on raising awareness about the consequences of this type of attack, by executing a controlled attack on trustworthy people. To accomplish this, we have carried out a set of activities or tricks that attackers use to obtain information, inspiring the curiosity of social network contacts to visit a personal blog with fictitious information. In addition to this human interaction, a hidden plug-in has been installed to collect user information such as his IP address, country, operating system, and browser type. With the information collected, a pentesting attack has been done to ports 80 and 22, in order to collect more information. Finally, the results were shown to the victims. In addition, after the attack, users were surveyed about their knowledge of Phishing or Social Engineering. The results demonstrate that only 2% of people suspected or asked about the real reason to visit the Blog. Furthermore, it reveals that the people who visited the blog do not have any knowledge and awareness of how to steal sensitive information in a relatively simple way.