Presentation is loading. Please wait.

Presentation is loading. Please wait.

Visual-Similarity-Based Phishing Detection Eric Medvet, Engin Kirda, Christopher Kruegel SecureComm 2008 Sep.

Published byAlberta Sabrina Bishop Modified over 9 years ago

Similar presentations

Presentation on theme: "Visual-Similarity-Based Phishing Detection Eric Medvet, Engin Kirda, Christopher Kruegel SecureComm 2008 Sep."— Presentation transcript:

1 Visual-Similarity-Based Phishing Detection Eric Medvet, Engin Kirda, Christopher Kruegel SecureComm 2008 Sep.

2 OUTLINE Introduction Our Approach Experimental Evaluation Conclusion And something else

3 Introduction – Phishing

4 Introduction – Related Work Email level solution ◦ Filters and content-analysis Browser-integrated solution ◦ SpoofGuard SpoofGuard ◦ PwdHash ◦ AntiPhish  Keeps track of sensitive information ◦ DOMAntiPhish  Compared the DOMs of the pages

5 Introduction – Related Work(cont.) But the most popular and widely- deployed solutions are based on the use of blacklists. ◦ IE 7 browser ◦ Google Safe Browsing ◦ NetCraft tool bar ◦ eBay tool bar ◦..etc

6 Introduction – Why Phishing Works Why Phishing Works Proc. CHI (2006) Why Phishing Works Proc. CHI (2006) ◦ SMTP does not contain any authentication mechanisms. ◦ About two million users gave information to spoofed websites resulting in direct losses of $1.2 billion (2003) ◦ 23% users base their trust only on page content

7 Introduction – Why Phishing Works(cont.) APWG detected more than 25,000 unique phishing URLs in Dec. 2007. “Do-it-yourself” phishing kits are being made available for download free of charge from the internet. More sophisticated phishing attacks. ◦ Application-level vulnerability Application-level vulnerability

8 Our Approach Base on browser plugin ◦ AntiPhish ◦ DOMAntiPhish Comparing the visual similarity

9 Our Approach – Signature Extraction Three features ◦ Text pieces  Content, color, size, font family, position ◦ Images embedded in the page  Src value, area, color, Haar compression, position ◦ Overall visual appearance of the page  Color and Haar compressionHaar compression Page signature: S(w) =

10 Our Approach – Signature comparison Similarity between textual contents:  d l (T, Tˆ): Levenshtein distance Similarity betwwen colors:  L 1 (C,Cˆ): 1-norm distance

11 Our Approach – Signature comparison Home banking Welcome! Copyright 2007 t 1 = t 2 = t 3 =

12 Our Approach – Signature comparison Your banking Welcome! T 1 = T 2 =

13 Our Approach – Signature comparison t 1 = T 1 =

14 Our Approach – Signature Similarity score s t : average the largest n elements of the S t Final similarity score: ◦ s = a t s t + a i s i + a o s o ◦ Threshold d  Two pages are similar if and only if s ≥ d

15 Experimental Evaluation Web page dissimilarity level ◦ Level 0: almost perfect visual match ◦ Level 1: some different element ◦ Level 2: noticeable differences Dataset ◦ 41 positive pairs (from PhishTank) ◦ 161 negative pairs (common web pages)

16 Experimental Evaluation(cont.) Training set ◦ 14 positive paris and 21 negative pairs  e k = 0, true positive or true negative |s - d|, otherwise ◦ s = a t s t + a i s i + a o s o  a t = 2.11, a i = 0.11, a o = 1.20  Threshold d = 0.956

17 Experimental Evaluation(cont.)

18 Figure 2: One of the two missed positive pairs

19 Experimental Evaluation(cont.) Environment ◦ Dual AMD Opteron 64, 8GB RAM, Linux OS Computation Time ◦ 3.8 sec for positive pairs ◦ A few milliseconds for negative pairs after optimization

20 Conclusion A comparison technique that eliminates the shortcomings of AntiPhish and DOMAntiPhish Can also be integrated into any other anti-phishing system that can provide a list of legitimate sites

21 And something else Visual similarity-based phishing detection without victim site information CICS '09. IEEECICS '09. IEEE Visual Similarity between Phished Sites Virtual screen of X window to display a web browser Use ImgSeek to find similar images

Download ppt "Visual-Similarity-Based Phishing Detection Eric Medvet, Engin Kirda, Christopher Kruegel SecureComm 2008 Sep."

Similar presentations

SOCIAL WEB MEDIA privacy and data mining part 2 4/12/2010.

SOCIAL WEB MEDIA privacy and data mining part 2 4/12/2010.
Basic Computer Skills Windows & the Internet.

Basic Computer Skills Windows & the Internet.
PhishZoo: Detecting Phishing Websites By Looking at Them

PhishZoo: Detecting Phishing Websites By Looking at Them
4. Internet Programming ENG224 INFORMATION TECHNOLOGY – Part I

4. Internet Programming ENG224 INFORMATION TECHNOLOGY – Part I
Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2015/7/181Data Mining & Machine Learning Lab.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW 2007 2008.09.09 Yue Zhang, Jason Hong, and Lorrie Cranor.

1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW Yue Zhang, Jason Hong, and Lorrie Cranor.
C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.

C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.
PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.

PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Starter for 10 Unit 6: Searching for your hobbies Transform IT SFT06_searching_hobbies.

Starter for 10 Unit 6: Searching for your hobbies Transform IT SFT06_searching_hobbies.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
10/20/2009 Loomi Liao.  The problems  Some anti-phishing solutions  The Web Wallet solutions  The Web Wallet User Interface  User study  Discussion.

10/20/2009 Loomi Liao.  The problems  Some anti-phishing solutions  The Web Wallet solutions  The Web Wallet User Interface  User study  Discussion.
CANTINA: A Content-Based Approach to Detecting Phishing Web Sites Yue Zhang University of Pittsburgh Jason I. Hong, Lorrie F. Cranor Carnegie Mellon University.

CANTINA: A Content-Based Approach to Detecting Phishing Web Sites Yue Zhang University of Pittsburgh Jason I. Hong, Lorrie F. Cranor Carnegie Mellon University.
Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.

Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.
Detection of Internet Scam Using Logistic Regression

Detection of Internet Scam Using Logistic Regression
Www.infotech.monash.edu SIEVE—Search Images Effectively through Visual Elimination Ying Liu, Dengsheng Zhang and Guojun Lu Gippsland School of Info Tech,

SIEVE—Search Images Effectively through Visual Elimination Ying Liu, Dengsheng Zhang and Guojun Lu Gippsland School of Info Tech,
Improving web image search results using query-relative classifiers Josip Krapacy Moray Allanyy Jakob Verbeeky Fr´ed´eric Jurieyy.

Improving web image search results using query-relative classifiers Josip Krapacy Moray Allanyy Jakob Verbeeky Fr´ed´eric Jurieyy.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
1 New : Create your own message starting from scratch 2 New From Template: add professionally designed templates provided exclusively by Gorilla Contact.

1 New : Create your own message starting from scratch 2 New From Template: add professionally designed templates provided exclusively by Gorilla Contact.
Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.

Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.

Similar presentations

Ads by Google