Presentation is loading. Please wait.

Presentation is loading. Please wait.

PhishZoo: Detecting Phishing Websites By Looking at Them

Published byLorenzo Facer Modified over 10 years ago

Similar presentations

Presentation on theme: "PhishZoo: Detecting Phishing Websites By Looking at Them"— Presentation transcript:

1 PhishZoo: Detecting Phishing Websites By Looking at Them
Sadia Afroz Rachel Greenstadt

2 The Phishing Problem URL Browser Indicator SSL Alice uses online bank
Real bank Phishing is a web-based attack that uses social engineering techniques to exploit Internet users and acquire sensitive data. Most phishing attacks work by creating a fake version of the real site's web interface to gain the user's trust. Alice thinks everything that looks like her bank Is her bank! Fake bank

3 What is PhishZoo Phishing Site ? Fake site Real site

4 Overview Motivation Related works Contribution PhishZoo: Approach
Evaluation and results Conclusion and future works

5 Motivation Current state of phishing
According to the Anti-Phishing Working Group (APWG), there were at least 67, 677 phishing attacks in the last six months of 2010.

6 Importance of Appearance
90.9% people trusts a site based on it’s appearance [Dhamija et al, 2006] Spear Phishing Increase use of spear phishing or targeted attacks The majority of users provide sensitive credentials to a small set of sites (fewer than 20) [Cao et al, 2008]

7 Related works Non-content based approaches: Content based approaches:
URL based phishing detection [Ma et al, 2009] Blacklisting Whitelisting Content based approaches: CANTINA Google’s anti-phishing filter Visual similarity based phishing detection: Screenshots of websites [Chen et al, 2009] Screen capture with Earth Mover’s Distance [Fu et al, 2006] Layout and style similarity [ Liu et al, 2006] Optical character recognition of Screenshots of webpage [Dunlop et al, 2010]

8 Contribution We investigated vision techniques to detect phishing sites more robustly. It can detect new phishing sites which are not yet blacklisted and targeted attacks against small brokerages and corporate intranets..

9 PhishZoo: Approach Phishing Alert Images Visible text Profile Stored
Extracts visual elements of the site Visual components match but the url, ssl don’t match Real site Phishing Alert Profile Making A profile of a site is a combination of different metrics that uniquely identifies that site A user chooses real sites that he wants to protect from phishing to be saved as profiles. Heuristic methods can be used to help verify a site’s authenticity at this stage. In a profile, PhishZoo stores SSL certificates, URL and contents related to a site’s appearance such as HTML files, extracted features of the logo. SIFT is used to extract image features. Images Visible text Extracts visual elements of the site Fake site

10 PhishZoo: Site Profile
Profile Making A profile of a site is a combination of different metrics that uniquely identifies that site A user chooses real sites that he wants to protect from phishing to be saved as profiles. In a profile, PhishZoo stores SSL certificates, URL and contents related to a site’s appearance such as HTML files, extracted features of the logo. SIFT is used to extract image features.

11 PhishZoo: Image matching
Currently, only logo of a site is saved in the site profile. For image matching, we used SIFT SIFT extracts keypoints from an image These keypoints are invariant to affine transformation, scaling, rotation upto 30 degrees, and illumination. During matching, the keypoints of two images are matched. Two images are considered similar if the percentage of matched keypoints is greater than a threshold

12 Data Collection We used 20 stored sites.
For true positive testing: 1000 verified phishing sites from Phishtank. For false positive testing: 200 most popular sites accessed by Internet users (taken from These sites are reported by users and verified as phishing by voting.

13 Evaluation and Results
Profile Content Analysis: HTML Visible text in HTML Keywords : top TF-IDF ranked words of a site and url Images Images and visible text Screenshots Images and keywords

14 Results: Texts

15 Results: Images

16 Performance Analysis:
Keyword and image matching has better accuracy than other profile contents. This recommended approach takes about 7 to 17 seconds on average to compare a site against all the profiles.

17 If matching found, then the site is phishing site
Perform image matching with the most likely profile Online profile matching Select most relevant profile Site with most keyword match is the most relevant profile Search for the keywords in current site Select n keywords From profiles Fetch site If any matching found, then site is phishing site Perform Image matching with all profiles in the background Offline profile matching

18 Limitations Site redirection No or obfuscated use of the keywords,
Use of cropped, extended or rotated (more than 30 degrees) images Real logo Fake logo

19 Conclusion and Future work
We described a new approach of web-phishing detection using vision techniques. Use a faster image machine algorithm Scene analysis

20 References R. Dhamija, J. D. Tygar, and M. Hearst, “Why phishing works,” in CHI ’06: Proceedings of the SIGCHI conference on Human factors in computing systems, 2006. Y. Cao, W. Han, and Y. Le, “Anti-phishing based on automated individual white-list,” in DIM ’08: Proceedings of the 4th ACM workshop on Digital identity management. New York, NY, USA: ACM, 2008, pp.51–60. S. Egelman, L. Cranor, and J. Hong, “You’ve been warned: An empirical study of the effectiveness of web browser phishing warnings.” in CHI ’08: Proceedings of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, 2008

Download ppt "PhishZoo: Detecting Phishing Websites By Looking at Them"

Similar presentations

Distinctive Image Features from Scale-Invariant Keypoints

Distinctive Image Features from Scale-Invariant Keypoints
Group Meeting Presented by Wyman 10/14/2006

Group Meeting Presented by Wyman 10/14/2006
Ziv Bar-YossefMaxim Gurevich Google and Technion Technion TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA A A AA.

Ziv Bar-YossefMaxim Gurevich Google and Technion Technion TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA A A AA.
Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2015/7/181Data Mining & Machine Learning Lab.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
Presented by Xinyu Chang

Presented by Xinyu Chang
Evaluating Color Descriptors for Object and Scene Recognition Koen E.A. van de Sande, Student Member, IEEE, Theo Gevers, Member, IEEE, and Cees G.M. Snoek,

Evaluating Color Descriptors for Object and Scene Recognition Koen E.A. van de Sande, Student Member, IEEE, Theo Gevers, Member, IEEE, and Cees G.M. Snoek,
VisualRank: Applying PageRank to Large-Scale Image Search Yushi Jing, Member, IEEE, and Shumeet Baluja, Member, IEEE.

VisualRank: Applying PageRank to Large-Scale Image Search Yushi Jing, Member, IEEE, and Shumeet Baluja, Member, IEEE.
1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW 2007 2008.09.09 Yue Zhang, Jason Hong, and Lorrie Cranor.

1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW Yue Zhang, Jason Hong, and Lorrie Cranor.
Phishing for Phish in the Phispond A lab on understanding Phishing attacks and defenses … Group 21-B Sagar Mehta.

Phishing for Phish in the Phispond A lab on understanding Phishing attacks and defenses … Group 21-B Sagar Mehta.
Fraud Detection CNN designed for anti-phishing. Contents Recap PhishZoo Approach Initial Approach Early Results On Deck.

Fraud Detection CNN designed for anti-phishing. Contents Recap PhishZoo Approach Initial Approach Early Results On Deck.
PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.

PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Object Recognition with Invariant Features n Definition: Identify objects or scenes and determine their pose and model parameters n Applications l Industrial.

Object Recognition with Invariant Features n Definition: Identify objects or scenes and determine their pose and model parameters n Applications l Industrial.
CMPT-884 Jan 18, 2010 Video Copy Detection using Hadoop Presented by: Cameron Harvey Naghmeh Khodabakhshi CMPT 820 December 2, 2010.

CMPT-884 Jan 18, 2010 Video Copy Detection using Hadoop Presented by: Cameron Harvey Naghmeh Khodabakhshi CMPT 820 December 2, 2010.
Tour the World: building a web-scale landmark recognition engine ICCV 2009 Yan-Tao Zheng1, Ming Zhao2, Yang Song2, Hartwig Adam2 Ulrich Buddemeier2, Alessandro.

Tour the World: building a web-scale landmark recognition engine ICCV 2009 Yan-Tao Zheng1, Ming Zhao2, Yang Song2, Hartwig Adam2 Ulrich Buddemeier2, Alessandro.
The process of increasing the amount of visitors to a website by ranking high in the search results of a search engine.

The process of increasing the amount of visitors to a website by ranking high in the search results of a search engine.
CANTINA: A Content-Based Approach to Detecting Phishing Web Sites Yue Zhang University of Pittsburgh Jason I. Hong, Lorrie F. Cranor Carnegie Mellon University.

CANTINA: A Content-Based Approach to Detecting Phishing Web Sites Yue Zhang University of Pittsburgh Jason I. Hong, Lorrie F. Cranor Carnegie Mellon University.
A Study of Approaches for Object Recognition

A Study of Approaches for Object Recognition
Object Recognition with Invariant Features n Definition: Identify objects or scenes and determine their pose and model parameters n Applications l Industrial.

Object Recognition with Invariant Features n Definition: Identify objects or scenes and determine their pose and model parameters n Applications l Industrial.
Supervised by Prof. LYU, Rung Tsong Michael Department of Computer Science & Engineering The Chinese University of Hong Kong Prepared by: Chan Pik Wah,

Supervised by Prof. LYU, Rung Tsong Michael Department of Computer Science & Engineering The Chinese University of Hong Kong Prepared by: Chan Pik Wah,

Similar presentations

Ads by Google