Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fraud Detection CNN designed for anti-phishing. Contents Recap PhishZoo Approach Initial Approach Early Results On Deck.

Published byMorgan Wilkerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Fraud Detection CNN designed for anti-phishing. Contents Recap PhishZoo Approach Initial Approach Early Results On Deck."— Presentation transcript:

1 Fraud Detection CNN designed for anti-phishing

2 Contents Recap PhishZoo Approach Initial Approach Early Results On Deck

3 Recap GOAL: build a real-time phish detection API public boolean isitphish(string URL){ }

4 Recap Phishing is a BIG problem that costs the global private economy >$11B/yr

5 Recap Previous inspiration and vision based detection frameworks – J Chen, C Huang et al, Fighting Phishing with Discriminative Keypoint Features, IEEE Computer Society, 2009 – G Wang, H. Liu et al, Verilogo: Proactive Phishing Detection via Logo Recognition, Technical Report CS2011-0969 – S Afroz, R Greenstadt, PhishZoo: Detecting Phishing Websites by Looking at Them, Semantic Computing, 2011

6 Recap Why Deep CNN’s? – Traditional computer vision has failed – Many objects – Sparse data – Performance – Adversarial problem

7 Recap Bottom Line: detect targeted brand trademarks on web images

8 Recap So we might miss this…

9 Recap But we’ll catch this…

10 Recap Bottom Line: detect targeted brand trademarks on web images – Accuracy – False Positives – Performance

11 PhishZoo Approach Model PhishZoo (Afroz et al) approach – 1000 phishing examples from PhishTank.com – 200 ‘false positives’ sites from Alexa.com/topsites

12 PhishZoo Approach Model PhishZoo (Afroz et al) approach – 1000 phishing examples from PhishTank.com – 200 ‘false positives’ sites from Alexa.com/topsites – ‘Profile Brands’

13 PhishZoo Approach Model PhishZoo (Afroz et al) approach – Benchmark results: compare with pure images for “apples to apples” comparison

14 Initial Approach - Training Collect all logo variants for ‘profiled’ brands, and synthesize training data – 11 brands

15 Initial Approach - Training Collect all logo variants for ‘profiled’ brands, and synthesize training data – 11 brands – Each brand had multiple logo variants (27 total) Eg. Paypal has five

16 Initial Approach - Training Collect all logo variants for ‘profiled’ brands, and synthesize training data – 11 brands – Each brand had multiple logo variants (27 total) – Decouple text logos from picture logos

17 Initial Approach - Training Collect all logo variants for ‘profiled’ brands, and synthesize training data – 11 brands – Each brand had multiple logo variants (27 total) – Decouple text logos from picture logos – Synthesize training data for each case by randomly re-cropping (100 per logo variant)

18 Initial Approach - Training Collect all logo variants for ‘profiled’ brands, and synthesize training data – 11 brands – Each brand had multiple logo variants (27 total) – Decouple text logos from picture logos – Synthesize training data for each case by randomly re-cropping (100 per logo variant) – Each re-cropping is done from full screen

19 Initial Approach - Training Collect all logo variants for ‘profiled’ brands, and synthesize training data Use 2000 ImageNet sample for false positives

20 Initial Approach - Training Collect all logo variants for ‘profiled’ brands, and synthesize training data Use 2000 ImageNet sample for false positives Install Caffe and use standard ILSVRC model – Python interface – CPU mode – bvlc_reference_caffenet

21 Initial Approach - Training Collect all logo variants for ‘profiled’ brands, and synthesize training data Use 2000 ImageNet sample for false positives Install Caffe and use standard ILSVRC model Generate fc7 features using pre-trained ILSVRC model to train SVM – Similar approach to Simonyan et al – Use sklearn’s multi-class SVM – Apply grid search to find optimal C and gamma

22 Initial Approach - Testing Get PhishZoo data from Sadia et al. – Sadia sent PhishZoo dataset that was ‘similar’ to one used in paper; contains 945 phish pages – 730 of the 945 contained brand logo images – 730 set consists of replicates of smaller set of 23 logo images

23 Initial Approach - Testing Get PhishZoo data from Sadia et al. 8000 ImageNet sample for false positives

24 Initial Approach - Testing Get PhishZoo data from Sadia et al. 8000 ImageNet sample for false positives Apply sliding window search for testing – Four degrees of freedom [x, y, scale, shape] Vertical and horizontal stride lengths of 5 pixels 5 different scales ranging from 0.3 to 0.9 the height 5 different box shapes

25 Early Results Detect 18/23 logo images accurately (78%)

26 Early Results Detect 18/23 logo images accurately (78%) – Detection errors

27 Early Results Detect 18/23 logo images accurately (78%) False positive on the sliding window images in 5 cases

28 Early Results Detect 18/23 logo images accurately (78%) False positive on the sliding window images in 5 cases

29 Early Results Detect 18/23 logo images accurately (78%) False positive on the sliding window images in 5 cases No false positives on the 8000 ImageNet sample

30 Early Results Performance – CNN + SVM runs ~ 250ms/image on CPU – Sliding window with 4 degrees of freedom running on 200x200 image can search ~10^6 sub-images – Lesson: CPU-mode + sliding window = death

31 Early Results Observations – All of the detection errors were < 25 pixels; the smallest training example is ~40 pixels

32 Early Results Observations – All of the detection errors were < 25 pixels; the smallest training example is ~40 pixels – Our big mistake: used ImageNet samples to train/test model on negative examples that were used to pre-train the ILSVRC model!

33 Early Results Our big mistake: used ImageNet samples to train/test model on negative examples that were used to pre-train the ILSVRC model! – SVM grid search had perfect cross validation region, should have been a give away

34 On Deck Fix mistake; get ‘other’ data for false positive training

35 On Deck Fix mistake; get ‘other’ data for false positive training Synthesize training data at the scale that the human eye can detect trademarks

36 On Deck Fix mistake; get ‘other’ data for false positive training Synthesize training data at the scale that the human eye can detect trademarks Synthesize data for adversarial effects

37 On Deck Fix mistake; get ‘other’ data for false positive training Synthesize training data at the scale that the human eye can detect trademarks Synthesize data for adversarial effects

38 On Deck Fix mistake; get ‘other’ data for false positive training Synthesize training data at the scale that the human eye can detect trademarks Synthesize data for adversarial effects Use training data that is graphically rendered, not photographed data

39 On Deck Fix mistake; get ‘other’ data for false positive training Synthesize training data at the scale that the human eye can detect trademarks Synthesize data for adversarial effects Use training data that is graphically rendered, not photographed data

40 On Deck Data 2.0: download phish pages directly from PhishTank.com database (~1,500/day)

41 On Deck Data 2.0: download phish pages directly from PhishTank.com database (~1,500/day) Real web-image data 100-1000x phish size

42 On Deck Data 2.0: download phish pages directly from PhishTank.com database (~1,500/day) Real web-image data 100-1000x phish size CPU  GPU (250ms/image  1ms/image)

43 On Deck Data 2.0: download phish pages directly from PhishTank.com database (~1,500/day) Real web-image data 100-1000x phish size CPU  GPU (250ms/image  1ms/image) Sliding window  R-CNN – 10^6 regions/image  10^2 or 10^3/image – Koen van de Sande’s code available on Caffe – May re-use own region proposal code

44 On Deck Data 2.0: download phish pages directly from PhishTank.com database (~1,500/day) Real web-image data 100-1000x phish size CPU  GPU (250ms/image  1ms/image) Sliding window  R-CNN Try sliding cascade approach – eg. color histograms, Haar filters, (Farfade et al. http://arxiv.org/abs/1502.02766)

45 On Deck Target for API (big picture) – Accuracy* (99.9%) – False Positives (2%) – Performance (<10ms/page) *Accuracy defined as sites using trademarked visual content illicitly Daily measured on 1,500 PhishTank examples and 1,000,000+ web images

46 On Deck Target for API (big picture)

47 On Deck Finalists at Hi-Tech Venture Challenge April 23 rd at 4pm in Davis Auditorium

Download ppt "Fraud Detection CNN designed for anti-phishing. Contents Recap PhishZoo Approach Initial Approach Early Results On Deck."

Similar presentations

PhishZoo: Detecting Phishing Websites By Looking at Them

PhishZoo: Detecting Phishing Websites By Looking at Them
Human Detection Phanindra Varma. Detection -- Overview  Human detection in static images is based on the HOG (Histogram of Oriented Gradients) encoding.

Human Detection Phanindra Varma. Detection -- Overview  Human detection in static images is based on the HOG (Histogram of Oriented Gradients) encoding.
Evaluating Color Descriptors for Object and Scene Recognition Koen E.A. van de Sande, Student Member, IEEE, Theo Gevers, Member, IEEE, and Cees G.M. Snoek,

Evaluating Color Descriptors for Object and Scene Recognition Koen E.A. van de Sande, Student Member, IEEE, Theo Gevers, Member, IEEE, and Cees G.M. Snoek,
Content-Based Image Retrieval

Content-Based Image Retrieval
Classification spotlights

Classification spotlights
Ming-Ming Cheng 1 Ziming Zhang 2 Wen-Yan Lin 3 Philip H. S. Torr 1 1 Oxford University, 2 Boston University 3 Brookes Vision Group Training a generic objectness.

Ming-Ming Cheng 1 Ziming Zhang 2 Wen-Yan Lin 3 Philip H. S. Torr 1 1 Oxford University, 2 Boston University 3 Brookes Vision Group Training a generic objectness.
Image Information Retrieval Shaw-Ming Yang IST 497E 12/05/02.

Image Information Retrieval Shaw-Ming Yang IST 497E 12/05/02.
Karen Simonyan Andrew Zisserman

Karen Simonyan Andrew Zisserman
Large Scale Visual Recognition Challenge (ILSVRC) 2013: Detection spotlights.

Large Scale Visual Recognition Challenge (ILSVRC) 2013: Detection spotlights.
Lecture 31: Modern object recognition

Lecture 31: Modern object recognition
Face Alignment at 3000 FPS via Regressing Local Binary Features

Face Alignment at 3000 FPS via Regressing Local Binary Features
Large-Scale Object Recognition with Weak Supervision

Large-Scale Object Recognition with Weak Supervision
Recognition of Traffic Lights in Live Video Streams on Mobile Devices

Recognition of Traffic Lights in Live Video Streams on Mobile Devices
Real-time Embedded Face Recognition for Smart Home Fei Zuo, Student Member, IEEE, Peter H. N. de With, Senior Member, IEEE.

Real-time Embedded Face Recognition for Smart Home Fei Zuo, Student Member, IEEE, Peter H. N. de With, Senior Member, IEEE.
1 Integration of Background Modeling and Object Tracking Yu-Ting Chen, Chu-Song Chen, Yi-Ping Hung IEEE ICME, 2006.

1 Integration of Background Modeling and Object Tracking Yu-Ting Chen, Chu-Song Chen, Yi-Ping Hung IEEE ICME, 2006.
1 Automated Feature Abstraction of the fMRI Signal using Neural Network Clustering Techniques Stefan Niculescu and Tom Mitchell Siemens Medical Solutions,

1 Automated Feature Abstraction of the fMRI Signal using Neural Network Clustering Techniques Stefan Niculescu and Tom Mitchell Siemens Medical Solutions,
Spatial Pyramid Pooling in Deep Convolutional

Spatial Pyramid Pooling in Deep Convolutional
© 2013 IBM Corporation Efficient Multi-stage Image Classification for Mobile Sensing in Urban Environments Presented by Shashank Mujumdar IBM Research,

© 2013 IBM Corporation Efficient Multi-stage Image Classification for Mobile Sensing in Urban Environments Presented by Shashank Mujumdar IBM Research,
Generic object detection with deformable part-based models

Generic object detection with deformable part-based models
Multiclass object recognition

Multiclass object recognition

Similar presentations

Ads by Google