Leverage Website Favicon to Detect Phishing Websites

Phishing attack is a cybercrime that can lead to severe financial losses for Internet users and entrepreneurs. Typically, phishers are fond of using fuzzy techniques during the creation of a website. They confuse the victim by imitating the appearance and content of a legitimate website. In addition, many websites are vulnerable to phishing attacks, including financial institutions, social networks, e-commerce, and airline websites. This paper is an extension of our previous work that leverages the favicon with Google image search to reveal the identity of a website. Our identity retrieval technique involves an effective mathematical model that can be used to assist in retrieving the right identity from the many entries of the search results. In this paper, we introduced an enhanced version of the favicon-based phishing attack detection with the introduction of the Domain Name Amplification feature and incorporation of addition features. Additional features are very useful when the website being examined does not have a favicon. We have collected a total of 5,000 phishing websites from PhishTank and 5,000 legitimate websites from Alexa to verify the effectiveness of the proposed method. From the experimental results, we achieved a 96.93% true positive rate with only a 4.13% false positive rate.

[1]  Jun Ho Huh,et al.  Phishing Detection with Popular Search Engines: Simple and Effective , 2011, FPS.

[2]  Akira Yamada,et al.  Visual similarity-based phishing detection without victim site information , 2009, 2009 IEEE Symposium on Computational Intelligence in Cyber Security.

[3]  Stephen Groat,et al.  GoldPhish: Using Images for Content-Based Phishing Analysis , 2010, 2010 Fifth International Conference on Internet Monitoring and Protection.

[4]  Rachel Greenstadt,et al.  PhishZoo: Detecting Phishing Websites by Looking at Them , 2011, 2011 IEEE Fifth International Conference on Semantic Computing.

[5]  Amir Herzberg,et al.  Security and identification indicators for browsers against spoofing and phishing attacks , 2008, TOIT.

[6]  A. Sardana,et al.  A PageRank based detection technique for phishing web sites , 2012, 2012 IEEE Symposium on Computers & Informatics (ISCI).

[7]  Kang-Leng Chiew,et al.  Utilisation of website logo for phishing detection , 2015, Comput. Secur..

[8]  Lawrence K. Saul,et al.  Beyond blacklists: learning to detect malicious web sites from suspicious URLs , 2009, KDD.

[9]  Christopher Krügel,et al.  There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits , 2008, WOOT.

[10]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[11]  Lorrie Faith Cranor,et al.  An Empirical Analysis of Phishing Blacklists , 2009, CEAS 2009.

[12]  Lorrie Faith Cranor,et al.  Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish , 2007, SOUPS '07.

[13]  Kang-Leng Chiew,et al.  Phishdentity: Leverage Website Favicon to Offset Polymorphic Phishing Website , 2014, 2014 Ninth International Conference on Availability, Reliability and Security.

[14]  Andrew H. Sung,et al.  Mining Web to Detect Phishing URLs , 2012, 2012 11th International Conference on Machine Learning and Applications.