Detecting Mobile Malicious Webpages in Real Time

Amrutkar, Chaitrali; Kim, Young Seuk; Traynor, Patrick

doi:10.1109/tmc.2016.2575828

Cited by 43 publications

(60 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, Alexa only provides legitimate domain names, which do not capture the true nature and variety of complete URLs that a user can come across in a realworld scenario. Only a few authors go the extra mile to include a detailed description of how the data was collected [200].…”

Section: Opportunities For Future Researchmentioning

confidence: 99%

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Das

Baki

Aassal

et al. 2020

IEEE Commun. Surv. Tutorials

103

View full text Add to dashboard Cite

Phishing and spear phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and baserate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear phishing and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.

show abstract

Section: Opportunities For Future Researchmentioning

confidence: 99%

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Das

Baki

Aassal

et al. 2020

IEEE Commun. Surv. Tutorials

103

View full text Add to dashboard Cite

show abstract

“…To extract the feature representation from the lexical and static components of a web page, the machine learning models rely on the assumption that the infrastructure of phishing pages are different from legitimate pages. For example, in [7], phishing web pages are automatically detected based on handcrafted features extracted from the URL, HTML content, network, and JavaScript of a web page. Furthermore, natural language processing techniques are currently used to extract specific features such as the number of common phishing words, type of ngram, etc.…”

Section: A Problem Definitionmentioning

confidence: 99%

HTMLPhish: Enabling Phishing Web Page Detection by Applying Deep Learning Techniques on HTML Analysis

Opara

Wei

Chen

2020

2020 International Joint Conference on Neural Networks (IJCNN)

View full text Add to dashboard Cite

Recently, the development and implementation of phishing attacks require little technical skills and costs. This uprising has led to an ever-growing number of phishing attacks on the World Wide Web. Consequently, proactive techniques to fight phishing attacks have become extremely necessary. In this paper, we propose HTMLPhish, a deep learning based datadriven end-to-end automatic phishing web page classification approach. Specifically, HTMLPhish receives the content of the HTML document of a web page and employs Convolutional Neural Networks (CNNs) to learn the semantic dependencies in the textual contents of the HTML. The CNNs learn appropriate feature representations from the HTML document embeddings without extensive manual feature engineering. Furthermore, our proposed approach of the concatenation of the word and character embeddings allows our model to manage new features and ensure easy extrapolation to test data. We conduct comprehensive experiments on a dataset of more than 50,000 HTML documents that provides a distribution of phishing to benign web pages obtainable in the real-world that yields over 93% Accuracy and True Positive Rate. Also, HTMLPhish is a completely language-independent and client-side strategy which can, therefore, conduct web page phishing detection regardless of the textual language.

show abstract

“…We inspected each of the 47 social networks manually, and removed 37 of them for one of the following reasons: (i) 1 See, https://en.wikipedia.org/wiki/List of social networking websites social networks that no longer exist, (ii) we were unable to create user accounts 2 , (iii) the social network is ranked too low in the Alexa Top 1M, (iv) platforms that do not support link sharing (e.g., Soundcloud), (v) platforms that require Premium subscriptions, (vi) social networks that merged with already discarded ones, and (vii) posting prevented due to bot detection. Table II lists the 10 social networks that we used for the study of this paper.…”

Section: ) Social Networkmentioning

confidence: 99%

“…Similarly, Thomas et al [34] presented a technique to evaluate URLs shared not only on social networks but also on other web services such as blogs and webmails. In another line of work, the detection of malicious pages focused on inspecting their content, for both desktop browsers (e.g., Canali et al [6]) and mobile browsers (e.g., Amrutkar et al [1]). As opposed to these works, our paper does not present a detection technique, but it studies how social platforms behave when preparing previews of malicious URLs.…”

Section: Detection Of Malicious Contentmentioning

confidence: 99%

Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms

Stivala¹,

Pellegrino²

2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Social media has become a primary mean of content and information sharing, thanks to its speed and simplicity. In this scenario, link previews play the important role of giving a meaningful first glance to users, summarizing the content of the shared webpage within their title, description and image. In our work, we analyzed the preview-rendering process, observing how it is possible to misuse it to obtain benign-looking previews for malicious links. Concrete use-case of this research field is phishing and spam spread, considering targeted attacks in addition to large-scale campaigns. We designed a set of experiments for 20 social media platforms including social networks and instant messenger applications and found out how most of the platforms follow their own preview design and format, sometimes providing partial information. Four of these platforms allow preview crafting so as to hide the malicious target even to a tech-savvy user, and we found that it is possible to create misleading previews for the remaining 16 platforms when an attacker can register their own domain. We also observe how 18 social media platforms do not employ active nor passive countermeasures against the spread of known malicious links or software, and that existing cross-checks on malicious URLs can be bypassed through client-and serverside redirections. To conclude, we suggest seven recommendations covering the spectrum of our findings, to improve the overall preview-rendering mechanism and increase users' overall trust in social media platforms.

show abstract

Detecting Mobile Malicious Webpages in Real Time

Cited by 43 publications

References 28 publications

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

HTMLPhish: Enabling Phishing Web Page Detection by Applying Deep Learning Techniques on HTML Analysis

Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms

Contact Info

Product

Resources

About