Abstract
In a web-based phishing attack, an attacker sets up scam web pages to deceive users to input their sensitive information. The appearance of web pages plays an important role in deceiving users, and thus is a critical metric for detecting phishing web sites. In this paper, we propose a robust phishing page detection mechanism based on web pages’ visual similarity. To measure the similarity of the suspicious pages and victim pages accurately, we extract features from the Cascading Style Sheet (CSS) of web pages, and select the effective feature sets for similarity rating. We prototyped our approach in the Google Chrome browser and used it to analyze suspicious web pages. The proof of concept implementation verifies the effectiveness of our algorithm with a low performance overhead.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
PhishMe Q1 2016 malware review (2016). https://phishme.com/project/phishme-q1-2016-malware-review/
Abbasi, A., Zahedi, F.M., Zeng, D.: Enhancing predictive analytics for anti-phishing by exploiting website genre information. J. Manag. Inf. Syst. 31(4), 109–157 (2015)
Belabed, A., Aimeur, E., Chikh, A.: A personalized whitelist approach for phishing webpage detection. In: 7th International Conference on Availability, Reliability and Security (ARES), Prague, pp. 249–254. IEEE, August 2012
Bottazzi, G., Casalicchio, E., Cingolani, D., Marturana, F., Piu, M.: MP-shield: a framework for phishing detection in mobile devices. In: Proceedings - 15th IEEE International Conference on Computer and Information Technology, CIT 2015, 14th IEEE International Conference on Ubiquitous Computing and Communications, IUCC 2015, 13th IEEE International Conference on Dependable, Autonomic and SE, pp. 1977–1983 (2015)
Chen, T.-C., Dick, S., Miller, J.: Detecting visually similar web pages: application to phishing detection. ACM Trans. Internet Technol. 10(2), 1–38 (2010)
Chou, N., Ledesma, R., Teraguchi, Y., Boneh, D., Mitchell, J.C.: Client-side defense against web-based identity theft. In: Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS) (2004)
C.Inc.: Couldmark toolbar, August 2015. http://www.cloudmark.com/desktop/ie-toolbar
Corbetta, J., Invernizzi, L., Kruegel, C., Vigna, G.: Eyes of a human, eyes of a program: leveraging different views of the web for analysis and detection. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 130–149. Springer, Cham (2014). doi:10.1007/978-3-319-11379-1_7
Dunlop, M., Groat, S., Shelly, D.: Goldphish: using images for content-based phishing analysis. In: 5th International Conference on Internet Monitoring and Protection (ICIMP), Barcelona, pp. 123–128. IEEE, May 2010
Fette, I., Sadeh, N., Tomasic, A.: Learning to detect phishing emails. In: Proceedings of the International World Wide Web Conference (WWW), May 2007
iTrustPage. http://www.cs.toronto.edu/ronda/itrustpage/
Khonji, M., Iraqi, Y., Jones, A.: Lexical URL analysis for discriminating phishing and legitimate websites. In: 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, pp. 109–115. ACM, New York (2011)
Khonji, M., Iraqi, Y., Jones, A.: Enhancing phishing e-mail classifiers: a lexical URL analysis approach. Int. J. Inf. Secur. Res. (IJISR) 2(1/2), 40 (2012)
Lee, L.-H., Lee, K.-C., Juan, Y.-C., Chen, H.-H., Tseng, Y.-H.: Users’ behavioral prediction for phishing detection. In: Proceedings of the 23rd International Conference on World Wide Web, no. 1, pp. 337–338 (2014)
Ma, J., Saul, L. K., Savage, S., Voelker, G.M.: Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In: 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1245–1254. ACM, New York (2009)
Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Identifying suspicious URLs: an application of large-scale online learning. In: 26th Annual International Conference on Machine Learning, pp. 681–688. ACM, New York (2009)
Mao, J., Li, P., Li, K., Wei, T., Liang, Z.: BaitAlarm: detecting phishing sites using similarity in fundamental visual features. In: Proceedings of the 5th International Conference on Intelligent Networking and Collaborative Systems (2013)
Medvet, E., Kirda, E., Kruegel, C.: Visual-similarity-based phishing detection. In: Proceedings of SecureComm 2008. ACM, September 2008
Moghimi, M., Varjani, A.Y.: New rule-based phishing detection method. Expert Syst. Appl. 53, 231–242 (2016)
Mohammad, R., Thabtah, F., McCluskey, L.: An assessment of features related to phishing websites using an automated technique. In: International Conference for Internet Technology and Secured Transactions, London, pp. 492–497. IEEE, December 2012
Nourian, A., Ishtiaq, S., Maheswaran, M.: CASTLE: a social framework for collaborative anti-phishing databases. In: 2009 5th International Conference on Collaborative Computing: Networking, Applications and Worksharing, Washington, DC, pp. 1–10 (2009)
Likarish, P., Jung, E., Dunbar, D., Hansen, T.E., Hourcade, J.P.: B-apt: Bayesian anti-phishing toolbar. In: Proceedings of IEEE International Conference on Communications, ICC 2008. IEEE Press, May 2008
Pan, Y., Ding, X.: Anomaly based web phishing page detection. In: 22nd Annual Computer Security Applications Conference, Miami Beach, FL, pp. 381–392. IEEE, December 2006
Ronda, T., Saroiu, S., Wolman, A.: iTrustPage: a user-assisted anti-phishing tool. In: Proceedings of Eurosys 2008. ACM, April 2008
Wardman, B., Stallings, T., Warner, G., Skjellum, A.: High-performance content-based phishing attack detection. In: eCrime Researchers Summit, San Diego, CA, pp. 1–9. IEEE, November 2011
Wenyin, L., Xiaotie, D.: Detecting phishing web pages with visual similarity assessment based on earth mover’s distance. IEEE Trans. Dependable Secure Comput. 3(4), 301–311 (2006)
Wu, L., Du, X., Wu, J.: MobiFish: a lightweight anti-phishing scheme for mobile phones. In: Proceedings - International Conference on Computer Communications and Networks, ICCCN (2014)
Xiang, G., Hong, J., Rose, C.P., Cranor, L.: CANTINA+: a feature-rich machine learning framework for detecting phishing web sites. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(2), 21 (2011)
Xiaotie, D., Guanglin, H., Fu, A.Y.: An antiphishing strategy based on visual similarity assessment. Internet Comput. 10(2), 58–65 (2006)
Cao, Y., Han, W., Le, Y.: Anti-phishing based on automated individual white-list. In: Proceedings of the 4th ACM Workshop on Digital Identity Management, pp. 51–60 (2008)
Zhang, W., Lu, H., Xu, B., Yang, H.: Web phishing detection based on page spatial layout similarity. Informatica 37(3), 231–244 (2013)
Zhang, Y., Hong, J., Cranor, L.: Cantina: a content-based approach to detecting phishing web sites. In: Proceedings of the International World Wide Web Conference (WWW), May 2007
Acknowledgment
This work was supported in part by the National Natural Science Foundation of China (No. 61402029), the National Natural Science Foundation of China (No. 61370190 and No. 61379002), Singapore Ministry of Education under NUS grant R-252-000-539-112.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Mao, J., Tian, W., Li, P., Wei, T., Liang, Z. (2017). Phishing Website Detection Based on Effective CSS Features of Web Pages. In: Ma, L., Khreishah, A., Zhang, Y., Yan, M. (eds) Wireless Algorithms, Systems, and Applications. WASA 2017. Lecture Notes in Computer Science(), vol 10251. Springer, Cham. https://doi.org/10.1007/978-3-319-60033-8_68
Download citation
DOI: https://doi.org/10.1007/978-3-319-60033-8_68
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-60032-1
Online ISBN: 978-3-319-60033-8
eBook Packages: Computer ScienceComputer Science (R0)