Position Paper: Think Globally, React Locally -- Bringing Real-time Reference-based Website Phishing Detection on macOS
- URL: http://arxiv.org/abs/2405.18236v2
- Date: Thu, 4 Jul 2024 09:37:24 GMT
- Title: Position Paper: Think Globally, React Locally -- Bringing Real-time Reference-based Website Phishing Detection on macOS
- Authors: Ivan Petrukha, Nataliia Stulova, Sergii Kryvoblotskyi
- Abstract summary: The recent surge in phishing attacks keeps undermining the effectiveness of the traditional anti-phishing blacklist approaches.
On-device anti-phishing solutions are gaining popularity as they offer faster phishing detection locally.
We propose a phishing detection solution that uses a combination of computer vision and on-device machine learning models to analyze websites in real time.
- Score: 0.4962561299282114
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Background. The recent surge in phishing attacks keeps undermining the effectiveness of the traditional anti-phishing blacklist approaches. On-device anti-phishing solutions are gaining popularity as they offer faster phishing detection locally. Aim. We aim to eliminate the delay in recognizing and recording phishing campaigns in databases via on-device solutions that identify phishing sites immediately when encountered by the user rather than waiting for a web crawler's scan to finish. Additionally, utilizing operating system-specific resources and frameworks, we aim to minimize the impact on system performance and depend on local processing to protect user privacy. Method. We propose a phishing detection solution that uses a combination of computer vision and on-device machine learning models to analyze websites in real time. Our reference-based approach analyzes the visual content of webpages, identifying phishing attempts through layout analysis, credential input areas detection, and brand impersonation criteria combination. Results. Our case study shows it's feasible to perform background processing on-device continuously, for the case of the web browser requiring the resource use of 16% of a single CPU core and less than 84MB of RAM on Apple M1 while maintaining the accuracy of brand logo detection at 46.6% (comparable with baselines), and of Credential Requiring Page detection at 98.1% (improving the baseline by 3.1%), within the test dataset. Conclusions. Our results demonstrate the potential of on-device, real-time phishing detection systems to enhance cybersecurity defensive technologies and extend the scope of phishing detection to more similar regions of interest, e.g., email clients and messenger windows.
Related papers
- Multimodal Large Language Models for Phishing Webpage Detection and Identification [29.291474807301594]
We study the efficacy of large language models (LLMs) in detecting phishing webpages.
Our system achieves a high detection rate at high precision.
It also provides interpretable evidence for the decisions.
arXiv Detail & Related papers (2024-08-12T06:36:08Z)
- PhishNet: A Phishing Website Detection Tool using XGBoost [1.777434178384403]
PhishNet is a cutting-edge web application designed to detect phishing websites using advanced machine learning.
It aims to help individuals and organizations identify and prevent phishing attacks through a robust AI framework.
arXiv Detail & Related papers (2024-06-29T21:31:13Z)
- Next Generation of Phishing Attacks using AI powered Browsers [0.0]
The model had an accuracy of 98.32%, precision of 98.62%, recall of 97.86%, and an F1-score of 98.24%.
The zero-day phishing attack detection testing over a 15-day period revealed the model's capability to identify previously unseen threats.
The model had successfully detected phishing URLs that evaded detection by Google safe browsing.
arXiv Detail & Related papers (2024-06-18T12:24:36Z)
- KnowPhish: Large Language Models Meet Multimodal Knowledge Graphs for Enhancing Reference-Based Phishing Detection [36.014171641453615]
We propose an automated knowledge collection pipeline, containing 20k brands with rich information about each brand.
KnowPhish can be used to boost the performance of existing reference-based phishing detectors.
Our resulting multimodal phishing detection approach, KnowPhish Detector, can detect phishing webpages with or without logos.
arXiv Detail & Related papers (2024-03-04T17:38:32Z)
- Fight Hardware with Hardware: System-wide Detection and Mitigation of Side-Channel Attacks using Performance Counters [45.493130647468675]
We present a kernel-level infrastructure that allows system-wide detection of malicious applications attempting to exploit cache-based side-channel attacks.
This infrastructure relies on hardware performance counters to collect information at runtime from all applications running on the machine.
High-level detection metrics are derived from these measurements to maximize the likelihood of promptly detecting a malicious application.
arXiv Detail & Related papers (2024-02-18T15:45:38Z)
- A survey on hardware-based malware detection approaches [45.24207460381396]
Hardware-based malware detection approaches leverage hardware performance counters and machine learning prowess.
We meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours.
The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
arXiv Detail & Related papers (2023-03-22T13:00:41Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z)
- PhishSim: Aiding Phishing Website Detection with a Feature-Free Tool [12.468922937529966]
We propose a feature-free method for detecting phishing websites using the Normalized Compression Distance (NCD).
This measure computes the similarity of two websites by compressing them, thus eliminating the need to perform any feature extraction.
We use the Furthest Point First algorithm to perform phishing prototype extractions, in order to select instances that are representative of a cluster of phishing webpages.
arXiv Detail & Related papers (2022-07-13T20:44:03Z)
- Towards Web Phishing Detection Limitations and Mitigation [21.738240693843295]
We show how phishing sites bypass Machine Learning-based detection.
Experiments with 100K phishing/benign sites show promising accuracy (98.8%).
We propose Anti-SubtlePhish, a more resilient model based on logistic regression.
arXiv Detail & Related papers (2022-04-03T04:26:04Z)
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z)
- Defending Water Treatment Networks: Exploiting Spatio-temporal Effects for Cyber Attack Detection [46.67179436529369]
Water Treatment Networks (WTNs) are critical infrastructures for local communities and public health, yet they are vulnerable to cyber attacks.
We propose a structured anomaly detection framework to defend WTNs by modeling the temporal characteristics of cyber attacks in WTNs.
arXiv Detail & Related papers (2020-08-26T15:56:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.