Bait Alarm: Anti-Phishing using visual similarities (original) (raw)
Related papers
Phishing implies an activity where an individual or a group of individuals attempt to obtain sensitive user information thus, threatening the financial or identity-related security of other individuals. Few of the preventive measures currently being taken in the said direction are: spam filtering, better authentication and detecting infringed domain-names. Better mutual authentication needs awareness on the user's part and it requires exhaustive efforts from the user's and the respective organization's side. The proposed paper aims at using a hybrid approach as the way to find web page similarities. As CSS is a commonly used technology used to define visual appearances of web pages. This paper exploits it as a way to compare genuine websites against phishing ones in order to warn the user against such attacks. Besides this, the other algorithms such as Ob-URL detection algorithm and Google safe browsing are used for enhancing the accuracy of detecting the fraudulent websites. This paper takes us through the insides of the above mentioned approach.
Intelligent phishing detection system using similarity matching algorithms
International Journal of Information and Communication Technology, 2018
Today, phishing attack is one of the most common and serious threat over internet. It is used to fraud users and steal their personal information either by using spoofed e-mails or fake websites or both. In this paper, we proposed a novel intelligent phishing detection system, i.e., CSS and URI matching-based phishing detection system (CUMP) to detect zero-day phishing attacks. Our proposed approach is based on the concept of uniform resource identifier (URI) and cascading style sheet (CSS) matching. This concept is used, as phisher always tries to mimic the URI pattern and visual design in the hope that even experienced user will not be able to detect phishing website by visualisation. To mimic the visual appearance, phishers generally use same CSS style. Without using same CSS, it is very difficult to achieve the same design. To defend against phishing websites attacks especially 'zero-day' attacks, our proposed system used the basic properties of any phishing attacks for URI and CSS matching. Our proposed solution is very effective in detecting a wide range of website phishing attacks with TP and TN rate of 93.27% and 100%, respectively and results in less false positive rate.
Cyber Sensing 2012, 2012
Phishing website analysis is largely still a time-consuming manual process of discovering potential phishing sites, verifying if suspicious sites truly are malicious spoofs and if so, distributing their URLs to the appropriate blacklisting services. Attackers increasingly use sophisticated systems for bringing phishing sites up and down rapidly at new locations, making automated response essential. In this paper, we present a method for rapid, automated detection and analysis of phishing websites. Our method relies on near real-time gathering and analysis of URLs posted on social media sites. We fetch the pages pointed to by each URL and characterize each page with a set of easily computed values such as number of images and links. We also capture a screen-shot of the rendered page image, compute a hash of the image and use the Hamming distance between these image hashes as a form of visual comparison. We provide initial results demonstrate the feasibility of our techniques by comparing legitimate sites to known fraudulent versions from Phishtank.com, by actively introducing a series of minor changes to a phishing toolkit captured in a local honeypot and by performing some initial analysis on a set of over 2.8 million URLs posted to Twitter over a 4 days in August 2011. We discuss the issues encountered during our testing such as resolvability and legitimacy of URL's posted on Twitter, the data sets used, the characteristics of the phishing sites we discovered, and our plans for future work.
Antiphishing Model with URL & Image based Webpage Matching
2012
is a form of online identity theft associated with both social engineering and technical subterfuge and a major threat to information security and personal privacy. Many anti- phishing solutions, such as content analysis and HTML code analysis, rely on this property to detect fake web pages. However, these techniques failed, as phishers are now composing phishing pages with non-analyzable elements, such as images and flash objects. This paper proposes a new phishing detection scheme based on an URL domain identity & webpage image matching. At first, it identifies the similar authorized URL, using divide rule approach and approximate string matching algorithm. For this similar URL and input URL, the IP addresses will be identified. If their IP addresses doesn't match with each other, then it could be phishing URL and phase-I phishing report will be generated. Then, this suspected URL's webpage snapshot will be treated as an image during phase-II. In phase-II, keypoints will b...
IASET, 2013
Phishing is an act or fraudulent activity performed by an individual or group to steal or thieve sensitive information of users such as passwords, credit card numbers for malicious purposes, identity theft and financial gain. With the widespread use of Internet most of the people are using online commerce, they are aware of phishing attacks but unaware of how to detect and avoid phishing attacks. Here we have discussed various approaches that are used to avoid phishing attacks. In this paper we have proposed a new method that can be used to detect and prevent phishing attacks. The proposed method makes use of visual cryptography.
An Innovative Framework for the Detection andPrediction of Phishing Websites
International Journal of Innovative Research in Science, Engineering and Technology, 2014
With the advent of internet, various online attacks has been increased and among them the most popular attack is phishing.Phishing is an attempt by an individual or a group to get personal confidential information such as passwords, credit card information from unsuspecting victims for identity theft, financial gain and other fraudulent activities. In recent years phishing is a technique used for cyber crimes. Spoofing is a new type of cyber crime in this globalisation era. Spoofing refers tricking computer systems or computer users by hiding one‟s identity or faking the identity of another user on the Internet.E-mail spoofing means sending messages from a bogus e-mail address or faking the e-mail ID of another user. This paper employs back propagation network for identifying malicious URL‟s in a network .It has been observed that the method predicts the phishing website more accurately when compared to any other learning algorithms.
Detection and Prevention of Phishing Attack: An Approach for Eradication of Phishing
Phishing is like masquerading the trusted party to acquire the sensitive information from users. Phishing attacks are usually carried out through fake websites, fake URLs, fake attachments in emails, fake messages. The main aim of phishing attack is to fool the users by finding the weakness of the user. One of the best step to be taken to avoid this attack is that to educate the users about the fake links given in the website, where they should not visit such links and give the required credentials. Anyhow to make understand the user about the phishing attack becomes unrealistic, attackers find many ways to fool the users for browsing the fake website where they are given their personal credentials. Here in the proposed system there are two methods one is, the urls are considered from email, keyword search, website and compared with the database and the second method is to detect Phishing through image.
Phasing the WEB sites is the most dangerous threat posed in proper functioning of the WEB sites especially those that are concerned with e-commerce sites and those sites that deal confidential information of the users such as details related to banking. Many attackers mimic the web pages of the application that collect confedentional information of the users. It has been a challenge to recognize the web pages instated by the attackers and then take corrective actions so that the users are exploited. Many have attempted to detect the Phasing pages based on visual similarity and the attackers mimic the WEB pages such that it quite complicated to detect the Phishing pages. In this paper a method and an approach presented that is centered on conditional information collected through the WEB pages without much bothering about the Visual presentation of the content or the layout. A repository of the word phrases which are type identified are maintained that are related to confidential information. The confidential data related to a set of Phished pages obtained from Phishedpages.com are generated and stored in a database. Every time A web page is to be processed, confidential data refereed in the WEB page is extracted in consideration with the database of repository of confidential data phrases and the similarly of the same is detected based on Euclidian distance. The process of detection is done on the WEB server side with the client hinted with the possibility of Phishing.
NEW PHISHING HYBRID DETECTION FRAMEWORK
2018
Internet use is growing every day, accessing a website via its URL (Uniform Resource Locator) address is a daily task, but not all websites are benign to be accessed without any fear from malicious aims-not matter where those websites are being accessed from (Web Browsers, e-mails body, chat application, SMS, VoIP) neither the nature of the operating system or the device. Our thesis aim is being able to detect the kind of websites that try to steal any user's (normal users, communities, societies, laboratories, etc.) personal information like name, date of birth, e-mail, credentials, login and passwords from e-banking services for example or any other web services. Unlike traditional techniques that consists of penetrating data sources of web services providers by decrypting algorithms, the man idea of this kind of criminal activities is letting the victims give those informations unconsciously, by creating fake emails or websites that looks very similar of original ones and tell victims to fill some forms with their informations for some fake reason, this technique is called phishing. This article aims to discuss some used techniques in detecting phishing websites, like Blacklist based, Lexical based, Content based and Security and Identity based methods combined with some machine learning classifier to classify if a test URL is a safe or phishing website and to propose a new hybrid framework to detect phishing web pages from only their URL without need to access it visually with a browser. The data used for building the model and classification is a collection of active phishing websites gathered from PhishTank[1].