Personalized, Browser-Based Visual Phishing Detection Based on Deep Learning
Phishing defense mechanisms that are close to browsers and that do not rely on any forms of website reputation may be a powerful tool for combating phishing campaigns that are increasingly more targeted and last for increasingly shorter life spans. Browser-based phishing detectors that are specialized for a user-selected set of targeted web sites and that are based only on the overall visual appearance of a target could be a very effective tool in this respect. Approaches of this kind have not been very successful for several reasons, including the difficulty of coping with the large set of genuine pages encountered in normal browser usage without flooding the user with false positives. In this work we intend to investigate whether the power of modern deep learning methodologies for image classification may enable solutions that are more practical and effective. Our experimental assessment of a convolutional neural network resulted in very high classification accuracy for targeted sets of 15 websites (the largest size that we analyzed) even when immersed in a set of login pages taken from 100 websites.
- 1.The Human Factor: People-centered threats define the landscape. Technical report, Proofpoint (2018)Google Scholar
- 2.Afroz, S., Greenstadt, R.: PhishZoo: detecting phishing websites by looking at them. In: 2011 IEEE Fifth International Conference on Semantic Computing, pp. 368–375 (2011)Google Scholar
- 4.Lazar, L.: Our analysis of 1,019 phishing kits - blog—Imperva, January 2018. https://www.imperva.com/blog/2018/01/our-analysis-of-1019-phishing-kits/. 4 July 2018
- 5.Maurer, M.E., Herzner, D.: Using visual website similarity for phishing detection and reporting. In: CHI 2012 Extended Abstracts on Human Factors in Computing Systems, CHI EA 2012, pp. 1625–1630. ACM, New York (2012)Google Scholar