Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets
Loading...
Access rights
openAccess
acceptedVersion
URL
Journal Title
Journal ISSN
Volume Title
A4 Artikkeli konferenssijulkaisussa
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Date
Department
Major/Subject
Mcode
Degree programme
Language
en
Pages
11
Series
IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 323 - 333, International Conference on Distributed Computing Systems. Proceedings
Abstract
Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system.Description
Keywords
Other note
Citation
Marchal, S, Saari, K, Singh, N & Asokan, N 2016, Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets. in IEEE 36th International Conference on Distributed Computing Systems (ICDCS) . International Conference on Distributed Computing Systems. Proceedings, IEEE, pp. 323 - 333, International Conference on Distributed Computing Systems, Nara, Japan, 27/06/2016. https://doi.org/10.1109/ICDCS.2016.10