PhishMatch: A Layered Approach for Effective Detection of Phishing URLs
- URL: http://arxiv.org/abs/2112.02226v1
- Date: Sat, 4 Dec 2021 03:21:29 GMT
- Title: PhishMatch: A Layered Approach for Effective Detection of Phishing URLs
- Authors: Harshal Tupsamudre, Sparsh Jain, Sachin Lodha
- Abstract summary: We present a layered anti-phishing defense, PhishMatch, which is robust, accurate, inexpensive, and client-side.
A prototype plugin of PhishMatch, developed for the Chrome browser, was found to be fast and lightweight.
- Score: 8.658596218544774
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Phishing attacks continue to be a significant threat on the Internet. Prior
studies show that it is possible to determine whether a website is phishing or
not just by analyzing its URL more carefully. A major advantage of the URL
based approach is that it can identify a phishing website even before the web
page is rendered in the browser, thus avoiding other potential problems such as
cryptojacking and drive-by downloads. However, traditional URL based approaches
have their limitations. Blacklist based approaches are prone to zero-hour
phishing attacks, advanced machine learning based approaches consume high
resources, and other approaches send the URL to a remote server which
compromises user's privacy. In this paper, we present a layered anti-phishing
defense, PhishMatch, which is robust, accurate, inexpensive, and client-side.
We design a space-time efficient Aho-Corasick algorithm for exact string
matching and n-gram based indexing technique for approximate string matching to
detect various cybersquatting techniques in the phishing URL. To reduce false
positives, we use a global whitelist and personalized user whitelists. We also
determine the context in which the URL is visited and use that information to
classify the input URL more accurately. The last component of PhishMatch
involves a machine learning model and controlled search engine queries to
classify the URL. A prototype plugin of PhishMatch, developed for the Chrome
browser, was found to be fast and lightweight. Our evaluation shows that
PhishMatch is both efficient and effective.
Related papers
- Phishing URL Detection: A Network-based Approach Robust to Evasion [17.786802845563745]
We present a network-based inference method to accurately detect phishing URLs camouflaged with legitimate patterns.
Our method consistently shows better detection performance throughout various experimental tests than state-of-the-art methods.
arXiv Detail & Related papers (2022-09-03T16:09:05Z) - PhishSim: Aiding Phishing Website Detection with a Feature-Free Tool [12.468922937529966]
We propose a feature-free method for detecting phishing websites using the Normalized Compression Distance (NCD)
This measure computes the similarity of two websites by compressing them, thus eliminating the need to perform any feature extraction.
We use the Furthest Point First algorithm to perform phishing prototype extractions, in order to select instances that are representative of a cluster of phishing webpages.
arXiv Detail & Related papers (2022-07-13T20:44:03Z) - Towards Web Phishing Detection Limitations and Mitigation [21.738240693843295]
We show how phishing sites bypass Machine Learning-based detection.
Experiments with 100K phishing/benign sites show promising accuracy (98.8%)
We propose Anti-SubtlePhish, a more resilient model based on logistic regression.
arXiv Detail & Related papers (2022-04-03T04:26:04Z) - Precise URL Phishing Detection Using Neural Networks [0.0]
We present you with ways to detect such malicious URLs with state of art accuracy with neural networks.
Different from previous works, where web content, URL or traffic statistics are examined, we analyse only the URL text.
The network is optimised and can be used even on small devices such as Ras-Pi without a change in performance.
arXiv Detail & Related papers (2021-10-26T05:55:53Z) - Detecting Phishing Sites -- An Overview [0.0]
Phishing is one of the most severe cyber-attacks where researchers are interested to find a solution.
To minimize the damage caused by phishing must be detected as early as possible.
There are various phishing detection techniques based on white-list, black-list, content-based, URL-based, visual-similarity and machine-learning.
arXiv Detail & Related papers (2021-03-23T19:16:03Z) - Being Single Has Benefits. Instance Poisoning to Deceive Malware
Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z) - Robust and Verifiable Information Embedding Attacks to Deep Neural
Networks via Error-Correcting Codes [81.85509264573948]
In the era of deep learning, a user often leverages a third-party machine learning tool to train a deep neural network (DNN) classifier.
In an information embedding attack, an attacker is the provider of a malicious third-party machine learning tool.
In this work, we aim to design information embedding attacks that are verifiable and robust against popular post-processing methods.
arXiv Detail & Related papers (2020-10-26T17:42:42Z) - Backdoor Attack against Speaker Verification [86.43395230456339]
We show that it is possible to inject the hidden backdoor for infecting speaker verification models by poisoning the training data.
We also demonstrate that existing backdoor attacks cannot be directly adopted in attacking speaker verification.
arXiv Detail & Related papers (2020-10-22T11:10:08Z) - Scalable Backdoor Detection in Neural Networks [61.39635364047679]
Deep learning models are vulnerable to Trojan attacks, where an attacker can install a backdoor during training time to make the resultant model misidentify samples contaminated with a small trigger patch.
We propose a novel trigger reverse-engineering based approach whose computational complexity does not scale with the number of labels, and is based on a measure that is both interpretable and universal across different network and patch types.
In experiments, we observe that our method achieves a perfect score in separating Trojaned models from pure models, which is an improvement over the current state-of-the art method.
arXiv Detail & Related papers (2020-06-10T04:12:53Z) - Phishing and Spear Phishing: examples in Cyber Espionage and techniques
to protect against them [91.3755431537592]
Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards.
This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome.
arXiv Detail & Related papers (2020-05-31T18:10:09Z) - Targeted Attack for Deep Hashing based Retrieval [57.582221494035856]
We propose a novel method, dubbed deep hashing targeted attack (DHTA), to study the targeted attack on such retrieval.
We first formulate the targeted attack as a point-to-set optimization, which minimizes the average distance between the hash code of an adversarial example and those of a set of objects with the target label.
To balance the performance and perceptibility, we propose to minimize the Hamming distance between the hash code of the adversarial example and the anchor code under the $ellinfty$ restriction on the perturbation.
arXiv Detail & Related papers (2020-04-15T08:36:58Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.