Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets

Samuel Marchal, Kalle Saari, Nidhi Singh, N Asokan

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

62 Citations (Scopus)
163 Downloads (Pure)

Abstract

Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system.
Original languageEnglish
Title of host publicationIEEE 36th International Conference on Distributed Computing Systems (ICDCS)
PublisherIEEE
Pages323 - 333
Number of pages11
ISBN (Electronic)978-1-5090-1483-5
DOIs
Publication statusPublished - 10 Aug 2016
MoE publication typeA4 Article in a conference publication
EventInternational Conference on Distributed Computing Systems - Nara Hotel, Nara, Japan
Duration: 27 Jun 201630 Jun 2016
Conference number: 36
http://www-higashi.ist.osaka-u.ac.jp/icdcs2016/

Publication series

Name International Conference on Distributed Computing Systems. Proceedings
PublisherIEEE Computer Society
ISSN (Print)1063-6927

Conference

ConferenceInternational Conference on Distributed Computing Systems
Abbreviated titleICDCS 2016
Country/TerritoryJapan
CityNara
Period27/06/201630/06/2016
Internet address

Fingerprint

Dive into the research topics of 'Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets'. Together they form a unique fingerprint.

Cite this