Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets
Loading...
Access rights
© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other work.
URL
Journal Title
Journal ISSN
Volume Title
School of Science |
A4 Artikkeli konferenssijulkaisussa
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Date
2016
Major/Subject
Mcode
Degree programme
Language
en
Pages
323-333
Series
Abstract
Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system.Description
Keywords
computer crime, Internet, phishing detection, target identification
Other note
Citation
Marchal, Samuel & Saari, Kalle & Singh, Nidhi & Asokan, N.. 2016. Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets. 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), 27-30 June 2016, Nara, Japan. 323-333. 1063-6927 (electronic). 978-1-5090-1483-5 (electronic). DOI: 10.1109/icdcs.2016.10.