January 31st, 2017 Samuel Marchal, Giovanni Armano, Kalle Saari*,

Slides:

Advertisements

Similar presentations

Advertisements

Large-Scale Entity-Based Online Social Network Profile Linkage.

WEB BROWSER SECURITY By Robert Sellers Brian Bauer.

1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW Yue Zhang, Jason Hong, and Lorrie Cranor.

Design and Evaluation of a Real-Time URL Spam Filtering Service

PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.

Page-level Template Detection via Isotonic Smoothing Deepayan ChakrabartiYahoo! Research Ravi KumarYahoo! Research Kunal PuneraUniv. of Texas at Austin.

Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.

Does Ajax suck? CS575 Spring 2007 Chanwit Suebsureekul.

Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.

Dawn Pedersen Art Institute. Introduction All your hard design work will suffer in anonymity if people can't find your site. The most common way people.

Large-Scale Cost-sensitive Online Social Network Profile Linkage.

Norman SecureSurf Protect your users when surfing the Internet.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

PhishScore: Hacking Phishers’ Minds

Dynamic Web Pages (Flash, JavaScript)

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

Kelly rowland WHAT WE ALL NEED!!. hoppadon formly of village deuce mafia...the hottest rap don spitting!!

SURF:SURF: Detecting and Measuring Search Poisoning Long Lu, Roberto Perdisci, and Wenke Lee Georgia Tech and University of Georgia.

 Search Engine Search Engine  Steps to Search for webpages pertaining to a specific information Steps to Search for webpages pertaining to a specific.

2011/11/1 1 Long Lu, Wenke Lee College of Computing Georgia Inst. of Technology Roberto Perdisci Dept. of Computer Science University of Georgia.

11 A Hybrid Phish Detection Approach by Identity Discovery and Keywords Retrieval Reporter: 林佳宜 /10/17.

CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.

Presenter: Lung-Hao Lee ( 李龍豪 ) January 7, 309.

Microsoft Research1 Characterizing Alert and Browse Services for Mobile Clients Atul Adya, Victor Bahl, Lili Qiu Microsoft Research USENIX Annual Technical.

Lecture 6 Title: Web Planning, Designing, Developing for E-Marketing By: Mr Hashem Alaidaros MKT 445.

BY : MUHAMMAD KHUZAIMI B. ISHAK 4 ADIL PUAN MAZITA INFORMATION AND COMMUNICATION OF TECHNOLOGY.

Analysis. Solution Requirements 1. Identify the functions and attributes of the website. 2. Write a problem statement. (What is the problem? What will.

Accessing and Using Fire-Related Data with the CAPITA DataFed.net* Services Framework Stefan Falke Rudolf Husar Kari Hoijarvi Washington University in.

Saphe surfing! 1 SAPHE Secure Anti-Phishing Environment Presented by Uri Sternfeld.

Phishing Website Detection & Target Identification October 30 th, 2015 Samuel Marchal*, Kalle Saari*, Nidhi Singh †, N.Asokan* *Aalto University - † Intel.

An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks Collin Jackson et. all Presented by Roy Ford.

Ajax for Dynamic Web Development Gregory McChesney.

 Web pages originally static  Page is delivered exactly as stored on server  Same information displayed for all users, from all contexts  Dynamic.

Usable Privacy and Security and Mobile Social Services Jason Hong

Technical Vocabulary learning using Wikipedia Alex Yu.

Introduction. Internet Worldwide collection of computers and computer networks that link people to businesses, governmental agencies, educational institutions,

DOWeR Detecting Outliers in Web Service Requests Master’s Presentation of Christian Blass.

Off the Hook: Real-Time Client- Side Phishing Prevention System July 28 th, 2016 University of Helsinki Samuel Marchal*, Giovanni Armano*, Kalle Saari*,

Client-Side Malware Protection for your site

The Role of Tool Support in Public Policies and Accessibility

Access Problems and Solutions for Full-text Articles or E-books

Classifications of Software Requirements

Automated Experiments on Ad Privacy Settings

Based on Menu Information

E-commerce | WWW World Wide Web - Concepts

E-commerce | WWW World Wide Web - Concepts

FRESH-PHISH A FRAMEWORK FOR AUTO-DETECTION OF PHISHING WEBSITES

High Points CSCI 1710 Spring 2016.

HTML Vocabulary.

Dynamic Web Pages (Flash, JavaScript)

SEARCH ENGINE OPTIMIZATION SEO. What is SEO? It is the process of optimizing structure, design and content of your website in order to increase traffic.

Automatic and Precise Client-Side Protection against CSRF Attacks

High Points CSCI 1710 Fall 2017.

Chapter 27 WWW and HTTP.

Welcome and thank you for choosing SharkGate

Access Problems and Solutions for Full-text Articles or E-books

SEO Course Outlines.

Dynamic Web Pages Jin Wu INF 385E Information Architecture

The Web Wizard’s Guide To JavaScript

Trust and Culture on the Web

What is the World Wide Web (www)

International University of Japan

Approaching an ML Problem

A Classification-based Approach to Question Routing in Community Question Answering Tom Chao Zhou 22, Feb, 2010 Department of Computer.

INFS 230 L Internet Technology

Introduction to JavaScript

Netways E-Learning Management System

High Points CSCI 1210.

Presentation transcript:

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application January 31st, 2017 Samuel Marchal*, Giovanni Armano*, Kalle Saari*, Tommi Gröndahl*, Nidhi Singh†, N.Asokan* *Aalto University - †Intel Security samuel.marchal@aalto.fi

Requirements for phishing detection Accuracy: high detection rate with low misidentification of legitimate webpages as phish. Context independent detection: not dependent on any observed language or brand. Temporal resilience: accuracy does not degrade overtime. Resilience to dynamic phish: different content can be delivered to different user User privacy: no disclosure of browsing history Effective protection: fast decision and effective warning

Client-side implementation Decision relies only on information available to a web browser: Privacy preservation Resilient to dynamic phish Starting URL Landing URL Redirection chain Logged links HTML source code: Text Title HREF links Copyright

Modeling phisher limitations Phishers have different level of control and are placed under some constraints while building a webpage: Control: External loaded content (logged links) and external HREF links are not controlled by page owner. Constraints: Registered domain name part of URL cannot be freely defined: constrained by registration (DNS) policies. Accurate decision Temporal resilience

Use few but dynamic features 210 dynamic features computed from data sources: URL features (106) Term usage consistency (66) Usage of starting and landing mld (22) RDN usage (13) Webpage content (5) Gradient Boosting classification (supervised) Context independent decision Fast decision

Relevant warnings Redirection to the target of the phish / no technical jargon

System Accuracy (language independence) Classifier Training: 4,531 English legitimate webpages 1,036 phishing webpages Assessment: Legitimate webpages: 100,000 English 10,000 each in French, German, Italian, Portuguese and Spanish 1,216 phishing webpages

System Accuracy (language independence) ROC Curve Precision vs. Recall 100,000 English legitimate / 1,216 phishs (≈ real world repartition) Precision Recall FP Rate AUC Accuracy 0.956 0.958 0.0005 0.999

Accuracy comparison FPR Precision Recall Accuracy Cantina (CMU) 0.03 0.212 0.89 0.969 Cantina+ (CMU) 0.013 0.964 0.955 0.97 Ma et al. (UCB) 0.001 0.998 0.924 Whittaker et al. (Google) 0.0001 0.989 0.915 0.999 Monarch (UCB) 0.003 0.961 0.734 0.866 Our method 0.0005 0.956 0.958

Performance Memory footprint Impact on Web surfing 295 MB Phishing webpages: Interaction blocked in < 0.2 second Warning displayed (and target identified) in < 2 seconds Legitimate webpages: None (albeit false positives)

Thank You https://ssg.aalto.fi/projects/phishing/

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application January 31st, 2017 Samuel Marchal*, Giovanni Armano*, Kalle Saari*, Tommi Gröndahl*, Nidhi Singh†, N.Asokan* *Aalto University - †Intel Security samuel.marchal@aalto.fi