Phishing Detection: Analysis of Visual Similarity Based Approaches

Phishing is one of the major problems faced by the cyber world and leads to financial losses for both industries and individuals. Detecting phishing attacks with high accuracy has always been a challenging issue. At present, visual similarity based techniques are very useful for detecting phishing websites efficiently. A phishing website looks very similar in appearance to its corresponding legitimate website in order to deceive users into believing that they are browsing the correct website. Visual similarity based phishing detection techniques utilise a feature set such as text content, text format, HTML tags, Cascading Style Sheets (CSS), images, and so forth, to make the decision. These approaches compare the suspicious website with the corresponding legitimate website using various features, and if the similarity is greater than a predefined threshold value, the suspicious website is declared phishing. This paper presents a comprehensive analysis of phishing attacks, their exploitation, some of the recent visual similarity based approaches for phishing detection, and a comparative study of these approaches. Our survey provides a better understanding of the problem, the current solution space, and the scope of future research to deal with phishing attacks efficiently using visual similarity based approaches.
