Phishing attacks arrive in high numbers and often spread quickly, meaning that after-the-fact countermeasures such as domain blacklisting are limited in efficacy. Visual similarity-based approaches have the potential of detecting previously unseen phishing webpages. These approaches, however, require identifying the legitimate webpage(s) they reproduce. Existing approaches rely on textual feature analysis for target identification, with misclassification rates of approximately 1%; however, as most websites a user might visit are legitimate, additional research is needed to further reduce classification errors. In this work, we propose a novel method for target identification that relies on both visual features (extracted from a screenshot of the web page) and textual features (extracted from the DOM of the web page) to identify which website a phishing web page is replicating, and assess its effectiveness in detecting phishing websites using data from phishing aggregators such as OpenPhish, PhishTank and PhishStats. Compared to state-of-the-art text-based classifiers, our method reduces the phishing misclassification rate by 67% (from 1.02% to 0.34%), for an accuracy of 99.66%. This work provides a further step forwards toward semi-automated decision support systems for phishing detection.
|Titel||16th International Conference on Availability, Reliability and Security, ARES 2021|
|Uitgeverij||Association for Computing Machinery, Inc|
|ISBN van elektronische versie||9781450390514|
|Status||Gepubliceerd - 17 aug 2021|
|Evenement||16th International Conference on Availability, Reliability and Security, ARES 2021 - Virtual, Online, Oostenrijk|
Duur: 17 aug 2021 → 20 aug 2021
|Naam||ACM International Conference Proceeding Series|
|Congres||16th International Conference on Availability, Reliability and Security, ARES 2021|
|Periode||17/08/21 → 20/08/21|
Bibliografische notaPublisher Copyright:
© 2021 ACM.