How Phishing Pages Look Like?

Bartoli, A.; De Lorenzo, A.; Medvet, E.; Tarlao, F.

doi:10.2478/cait-2018-0047

Abstract

Recent phishing campaigns are increasingly targeted to specific, small population of users and last for increasingly shorter life spans. There is thus an urgent need for developing defense mechanisms that do not rely on any forms of blacklisting or reputation: there is simply no time for detecting novel phishing campaigns and notify all interested organizations quickly enough. Such mechanisms should be close to browsers and based solely on the visual appearance of the rendered page. One of the major impediments to research in this area is the lack of systematic knowledge about how phishing pages actually look like. In this work we describe the technical challenges in collecting a large and diverse collection of screenshots of phishing pages and propose practical solutions. We also analyze systematically the visual similarity between phishing pages and pages of targeted organizations, from the point of view of a similarity metric that has been proposed as a foundation for visual phishing detection and from the point of view of a human operator.

References

1. The Human Factor: People-Centered Threats Define the Landscape [Internet]. Proofpoint, 2018. https://www.proofpoint.com/us/human-factor-2018
Search in Google Scholar Back to article
2. Lazar, L. Our Analysis of 1,019 Phishing Kits – Blog | Imperva. – In: Blog | Imperva [Internet]. 4 January 2018 [cited 4 July 2018]. https://www.imperva.com/blog/2018/01/our-analysis-of-1019-phishing-kits/
Search in Google Scholar Back to article
3. Maurer, M.-E., D. Herzner. Using Visual Website Similarity for Phishing Detection and Reporting. – CHI’12 Extended Abstracts on Human Factors in Computing Systems, New York, NY, USA, ACM, 2012, pp. 1625-1630.10.1145/2212776.2223683
Search in Google Scholar Back to article
4. Afroz, S., R. Greenstadt. PhishZoo: Detecting Phishing Websites by Looking at Them. – In: 2011 IEEE 5th International Conference on Semantic Computing, 2011, pp. 368-375.10.1109/ICSC.2011.52
Search in Google Scholar Back to article
5. Chen, T.-C., S. Dick, J. Miller. Detecting Visually Similar Web Pages: Application to Phishing Detection. – ACM Trans. Internet Technol., New York, NY, USA, ACM, Vol. 10, 2010, pp. 5:1-5:38.10.1145/1754393.1754394
Search in Google Scholar Back to article
6. Medvet, E., E. Kirda, C. Kruegel. Visual-Similarity-Based Phishing Detection. – In: Proc. of 4th International Conference on Security and Privacy in Communication Netowrks, New York, NY, USA, ACM, 2008, pp. 22:1-22:6.10.1145/1460877.1460905
Search in Google Scholar Back to article
7. Lowe, D. G. Distinctive Image Features from Scale-Invariant Keypoints. – Int. J. Comput. Vis., Vol. 60, 2004, pp. 91-110.10.1023/B:VISI.0000029664.99615.94
Search in Google Scholar Back to article
8. Bay, H., A. Ess, T. Tuytelaars, L. Van Gool. Speeded-Up Robust Features (SURF). – Comput Vis Image Underst., Vol. 110, 2008, pp. 346-359.10.1016/j.cviu.2007.09.014
Search in Google Scholar Back to article
9. Medvet, E., A. Bartoli, G. Davanzo, A. D. Lorenzo. Automatic Face Annotation in News Images by Mining the Web. – In: Proc. of 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology, 2011, pp. 47-54.10.1109/WI-IAT.2011.101
Search in Google Scholar Back to article
10. De Lorenzo, A., E. Medvet, F. Tarlao, A. Bartoli. Personalized, Browser-Based Visual Phishing Detection Based on Deep Learning. – In: Proc. of 13th International Conference on Risks and Security of Internet and Systems (CRiSIS).
Search in Google Scholar Back to article
11. Chen, T.-C., T. Stepan, S. Dick, J. Miller. An Anti-Phishing System Employing Diffused Information. – ACM Trans. Inf. Syst. Secur., New York, NY, USA, ACM, Vol. 16, 2014, pp. 16:1-16:31.10.1145/2584680
Search in Google Scholar Back to article
12. Cilibrasi, R., P. M. B. Vitanyi. Clustering by Compression. – IEEE Trans. Inf. Theory, Piscataway, NJ, USA, IEEE Press, Vol. 51, 2005, pp. 1523-1545.10.1109/TIT.2005.844059
Search in Google Scholar Back to article
13. Vázquez, P.-P., J. Marco. Using Normalized Compression Distance for Image Similarity Measurement: An Experimental Study. – Vis. Comput., Vol. 28, 2012, pp. 1063-1084.10.1007/s00371-011-0651-2
Search in Google Scholar Back to article
14. Axelsson, S. Using Normalized Compression Distance for Classifying File Fragments. – In: Proc. of 2010 International Conference on Availability, Reliability and Security, 2010, pp. 641-646.10.1109/ARES.2010.100
Search in Google Scholar Back to article
15. Telles, G. P., R. Minghim, F. V. Paulovich. Normalized Compression Distance for Visual Analysis of Document Collections. – Comput. Graph., Vol. 31, 2007, pp. 327-337.10.1016/j.cag.2007.01.024
Search in Google Scholar Back to article
16. Bartoli, A., G. Davanzo, E. Medvet. The Reaction Time to Web Site Defacements. – IEEE Internet Comput, Vol. 13, 2009, pp. 52-58. ieeexplore.ieee.org10.1109/MIC.2009.91
Search in Google Scholar Back to article

How Phishing Pages Look Like?

Abstract

Paradigm

My account