Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets

Samuel Marchal; Kalle Saari; Nidhi Singh; N Asokan

doi:10.1109/ICDCS.2016.10

Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets

Samuel Marchal, Kalle Saari, Nidhi Singh, N Asokan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

48 Citations (Scopus)

173 Downloads (Pure)

Abstract

Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system.

Original language	English
Title of host publication	IEEE 36th International Conference on Distributed Computing Systems (ICDCS)
Publisher	IEEE
Pages	323 - 333
Number of pages	11
ISBN (Electronic)	978-1-5090-1483-5
DOIs	https://doi.org/10.1109/ICDCS.2016.10
Publication status	Published - 10 Aug 2016
MoE publication type	A4 Article in a conference publication
Event	International Conference on Distributed Computing Systems - Nara Hotel, Nara, Japan Duration: 27 Jun 2016 → 30 Jun 2016 Conference number: 36 http://www-higashi.ist.osaka-u.ac.jp/icdcs2016/

Publication series

Name	International Conference on Distributed Computing Systems. Proceedings
Publisher	IEEE Computer Society
ISSN (Print)	1063-6927

Conference

Conference	International Conference on Distributed Computing Systems
Abbreviated title	ICDCS 2016
Country	Japan
City	Nara
Period	27/06/2016 → 30/06/2016
Internet address	http://www-higashi.ist.osaka-u.ac.jp/icdcs2016/

Access to Document

10.1109/ICDCS.2016.10

isbn9781509014835Accepted author manuscript, 224 KB

Fingerprint Dive into the research topics of 'Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets'. Together they form a unique fingerprint.

Cite this

@inproceedings{bc07ef989d8c4a4da0bf51bab556f518,

title = "Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets",

abstract = "Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system.",

author = "Samuel Marchal and Kalle Saari and Nidhi Singh and N Asokan",

year = "2016",

month = aug,

day = "10",

doi = "10.1109/ICDCS.2016.10",

language = "English",

series = " International Conference on Distributed Computing Systems. Proceedings",

publisher = "IEEE",

pages = "323 -- 333 ",

booktitle = "IEEE 36th International Conference on Distributed Computing Systems (ICDCS)",

address = "United States",

note = "International Conference on Distributed Computing Systems , ICDCS 2016 ; Conference date: 27-06-2016 Through 30-06-2016",

url = "http://www-higashi.ist.osaka-u.ac.jp/icdcs2016/",

}

Marchal, S, Saari, K, Singh, N & Asokan, N 2016, Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets. in IEEE 36th International Conference on Distributed Computing Systems (ICDCS) . International Conference on Distributed Computing Systems. Proceedings, IEEE, pp. 323 - 333 , International Conference on Distributed Computing Systems , Nara, Japan, 27/06/2016. https://doi.org/10.1109/ICDCS.2016.10

Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets. / Marchal, Samuel; Saari, Kalle; Singh, Nidhi; Asokan, N.

IEEE 36th International Conference on Distributed Computing Systems (ICDCS) . IEEE, 2016. p. 323 - 333 ( International Conference on Distributed Computing Systems. Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets

AU - Marchal, Samuel

AU - Saari, Kalle

AU - Singh, Nidhi

AU - Asokan, N

N1 - Conference code: 36

PY - 2016/8/10

Y1 - 2016/8/10

N2 - Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system.

AB - Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system.

U2 - 10.1109/ICDCS.2016.10

DO - 10.1109/ICDCS.2016.10

M3 - Conference contribution

T3 - International Conference on Distributed Computing Systems. Proceedings

SP - 323

EP - 333

BT - IEEE 36th International Conference on Distributed Computing Systems (ICDCS)

PB - IEEE

T2 - International Conference on Distributed Computing Systems

Y2 - 27 June 2016 through 30 June 2016

ER -