Presentation is loading. Please wait.

Presentation is loading. Please wait.

January 31st, 2017 Samuel Marchal*, Giovanni Armano*, Kalle Saari*,

Published byPentti Hämäläinen Modified over 6 years ago

Similar presentations

Presentation on theme: "January 31st, 2017 Samuel Marchal*, Giovanni Armano*, Kalle Saari*,"— Presentation transcript:

1 Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application
January 31st, 2017 Samuel Marchal*, Giovanni Armano*, Kalle Saari*, Tommi Gröndahl*, Nidhi Singh†, N.Asokan* *Aalto University - †Intel Security

2 Requirements for phishing detection
Accuracy: high detection rate with low misidentification of legitimate webpages as phish. Context independent detection: not dependent on any observed language or brand. Temporal resilience: accuracy does not degrade overtime. Resilience to dynamic phish: different content can be delivered to different user User privacy: no disclosure of browsing history Effective protection: fast decision and effective warning

3 Client-side implementation
Decision relies only on information available to a web browser: Privacy preservation Resilient to dynamic phish Starting URL Landing URL Redirection chain Logged links HTML source code: Text Title HREF links Copyright

4 Modeling phisher limitations
Phishers have different level of control and are placed under some constraints while building a webpage: Control: External loaded content (logged links) and external HREF links are not controlled by page owner. Constraints: Registered domain name part of URL cannot be freely defined: constrained by registration (DNS) policies. Accurate decision Temporal resilience

5 Use few but dynamic features
210 dynamic features computed from data sources: URL features (106) Term usage consistency (66) Usage of starting and landing mld (22) RDN usage (13) Webpage content (5) Gradient Boosting classification (supervised) Context independent decision Fast decision

6 Relevant warnings Redirection to the target of the phish / no technical jargon

7 System Accuracy (language independence)
Classifier Training: 4,531 English legitimate webpages 1,036 phishing webpages Assessment: Legitimate webpages: 100,000 English 10,000 each in French, German, Italian, Portuguese and Spanish 1,216 phishing webpages

8 System Accuracy (language independence)
ROC Curve Precision vs. Recall 100,000 English legitimate / 1,216 phishs (≈ real world repartition) Precision Recall FP Rate AUC Accuracy 0.956 0.958 0.0005 0.999

9 Accuracy comparison FPR Precision Recall Accuracy Cantina (CMU) 0.03
0.212 0.89 0.969 Cantina+ (CMU) 0.013 0.964 0.955 0.97 Ma et al. (UCB) 0.001 0.998 0.924 Whittaker et al. (Google) 0.0001 0.989 0.915 0.999 Monarch (UCB) 0.003 0.961 0.734 0.866 Our method 0.0005 0.956 0.958

10 Performance Memory footprint Impact on Web surfing 295 MB
Phishing webpages: Interaction blocked in < 0.2 second Warning displayed (and target identified) in < 2 seconds Legitimate webpages: None (albeit false positives)

11 Thank You

12 Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application
January 31st, 2017 Samuel Marchal*, Giovanni Armano*, Kalle Saari*, Tommi Gröndahl*, Nidhi Singh†, N.Asokan* *Aalto University - †Intel Security

Download ppt "January 31st, 2017 Samuel Marchal*, Giovanni Armano*, Kalle Saari*,"

Similar presentations

PHP I.

PHP I.
Large-Scale Entity-Based Online Social Network Profile Linkage.

Large-Scale Entity-Based Online Social Network Profile Linkage.
WEB BROWSER SECURITY By Robert Sellers Brian Bauer.

WEB BROWSER SECURITY By Robert Sellers Brian Bauer.
1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW 2007 2008.09.09 Yue Zhang, Jason Hong, and Lorrie Cranor.

1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW Yue Zhang, Jason Hong, and Lorrie Cranor.
Design and Evaluation of a Real-Time URL Spam Filtering Service

Design and Evaluation of a Real-Time URL Spam Filtering Service
PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.

PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.
Page-level Template Detection via Isotonic Smoothing Deepayan ChakrabartiYahoo! Research Ravi KumarYahoo! Research Kunal PuneraUniv. of Texas at Austin.

Page-level Template Detection via Isotonic Smoothing Deepayan ChakrabartiYahoo! Research Ravi KumarYahoo! Research Kunal PuneraUniv. of Texas at Austin.
Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.

Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.
Does Ajax suck? CS575 Spring 2007 Chanwit Suebsureekul.

Does Ajax suck? CS575 Spring 2007 Chanwit Suebsureekul.
Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.

Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.
Dawn Pedersen Art Institute. Introduction All your hard design work will suffer in anonymity if people can't find your site. The most common way people.

Dawn Pedersen Art Institute. Introduction All your hard design work will suffer in anonymity if people can't find your site. The most common way people.
Large-Scale Cost-sensitive Online Social Network Profile Linkage.

Large-Scale Cost-sensitive Online Social Network Profile Linkage.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.
PhishScore: Hacking Phishers’ Minds

PhishScore: Hacking Phishers’ Minds
Dynamic Web Pages (Flash, JavaScript)

Dynamic Web Pages (Flash, JavaScript)
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.
Kelly rowland WHAT WE ALL NEED!!. hoppadon formly of village deuce mafia...the hottest rap don spitting!!

Kelly rowland WHAT WE ALL NEED!!. hoppadon formly of village deuce mafia...the hottest rap don spitting!!
SURF:SURF: Detecting and Measuring Search Poisoning Long Lu, Roberto Perdisci, and Wenke Lee Georgia Tech and University of Georgia.

SURF:SURF: Detecting and Measuring Search Poisoning Long Lu, Roberto Perdisci, and Wenke Lee Georgia Tech and University of Georgia.
 Search Engine Search Engine  Steps to Search for webpages pertaining to a specific information Steps to Search for webpages pertaining to a specific.

 Search Engine Search Engine  Steps to Search for webpages pertaining to a specific information Steps to Search for webpages pertaining to a specific.

Similar presentations

Ads by Google