Detection of phishing webpages based on visual similarity

Wenyin, Liu; Huang, Guanglin; Liu, Xiaoyue; Zhang, Min; Deng, Xiaotie

doi:10.1145/1062745.1062868

Cited by 97 publications

(52 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One promising approach proposed by (Wenyin, et al 2005) suggests detecting phishing websites based on visual similarities between phishing and legitimate websites. This technique initially decomposes the webpage into salient block regions depending on visual clues.…”

Section: Cantina Work As Followmentioning

confidence: 99%

Tutorial and critical analysis of phishing websites methods

Mohammad

Thabtah

McCluskey

2015

Computer Science Review

130

View full text Add to dashboard Cite

The Internet has become an essential component of our everyday social and financial activities.Internet is not important for individual users only but also for organizations, because organizations that offer online trading can achieve a competitive edge by serving worldwide clients. Internet facilitates reaching customers all over the globe without any market place restrictions and with effective use of e-commerce. As a result, the number of customers who rely on the Internet to perform procurements is increasing dramatically. Hundreds of millions of dollars are transferred through the Internet every day. This amount of money was tempting the fraudsters to carry out their fraudulent operations. Hence, Internet users may be vulnerable to different types of web threats, which may cause financial damages, identity theft, loss of private information, brand reputation damage and loss of customers' confidence in e-commerce and online banking. Therefore, suitability of the Internet for commercial transactions becomes doubtful. Phishing is considered a form of web threats that is defined as the art of impersonating a website of an honest enterprise aiming to obtain user's confidential credentials such as usernames, passwords and social security numbers. In this article, the phishing phenomena will be discussed in detail. In addition, we present a survey of the state of the art research on such attack. Moreover, we aim to recognize the up-to-date developments in phishing and its precautionary measures and provide a comprehensive study and evaluation of these researches to realize the gap that is still predominating in this area. This research will mostly focus on the web based phishing detection methods rather than email based detection methods. INTRODUCTIONAlthough phishing is a relatively new web-threat, it has a massive impact on the commercial and online transaction sectors. Presumably, phishing websites have high visual similarities to the legitimate ones in an attempt to defraud the honest people. Social engineering and technical tricks are commonly combined together in order to start a phishing attack. Typically, a phishing attack starts by sending an e-mail that seems authentic to potential victims urging them to update or validate their information by following a URL link within the e-mail. Predicting and stopping phishing attack is a critical step toward protecting online transactions. Several approaches were proposed to mitigate these attacks. Nonetheless, phishing websites are expected to be more sophisticated in the future. Therefore, a promising solution that must be improved constantly is needed to keep pace with this continuous evolution. Anti-phishing measures may take several forms including: legal, education and technical solutions. To date, there is no complete solution able to capture every phishing attack. The Internet community has put in a considerable amount of effort into defensive techniques against phishing. However, the problem is continuously evolving and ever more complicated decept...

show abstract

Section: Cantina Work As Followmentioning

confidence: 99%

Tutorial and critical analysis of phishing websites methods

Mohammad

Thabtah

McCluskey

2015

Computer Science Review

130

View full text Add to dashboard Cite

show abstract

“…One promising approach proposed by [27] detected type of websites based on visual similarity by comparing phishing websites with the legitimate ones. This technique initially decomposed the webpage into salient block regions depending on "visual cues."…”

Section: Tf-idf (Term Frequency-inverse Document Frequency)mentioning

confidence: 99%

Predicting phishing websites based on self-structuring neural network

Mohammad

Thabtah

McCluskey

2013

Neural Comput & Applic

261

131

View full text Add to dashboard Cite

-Internet has become an essential component of our everyday social and financial activities. Nevertheless, internet-users may be vulnerable to different types of web-threats which may cause financial damages, identity theft, loss of private information, brand reputation damage and loss of customer's confidence in ecommerce and online banking. Phishing is considered as a form of web-threats that is defined as the art of impersonating a website of an honest enterprise aiming to obtain confidential information such as usernames, passwords and social security number. So far, there is no single solution that can capture every phishing attack. In this article, we proposed an intelligent model for predicting phishing attacks based on Artificial Neural Network "ANN" particularly self-structuring neural networks. Phishing is a continuous problem where features significant in determining the type of webpages are constantly changing. Thus, we need to constantly improve the network structure in order to cope with these changes. Our model solves this problem by automating the process of structuring the network and shows high acceptance for noisy data, fault tolerance and high prediction accuracy. Several experiments were conducted in our research, the number of epochs differs in each experiment. From the results, we find that all produced structures have high generalization ability.

show abstract

“…o In an attempt to exploit visual similarity, Wenyin [10] proposed an approach to detect the phishing web pages based on visual similarity, if the visual similarity of these pages is higher than a predetermined threshold, this website is recorded as a suspicious and the owner is alerted.…”

Section: Related Workmentioning

confidence: 99%

Phishing Websites Detection Using Data Mining Classification Model

Jabri

Ibrahim

2015

TMLAI

View full text Add to dashboard Cite

Phishing is a significant security threat to the Internet; it is an electronic online identity theft in which the attackers use spoofing techniques like fake websites that mimic legal websites to trick users into revealing their private information. Many of successful phishing attacks do exist and subsequently a considerable number of anti-phishing methods have been proposed. However, they vary in terms of their accuracy and error rate. This paper proposes an algorithm for phishing websites detection using data mining classification model. It is implemented and experimented using a dataset composed of 20 different webpage features and 1,000 instances. The experimental results showed that the proposed algorithm outperforms the original one in terms of the number of classification rules, accuracy (87%) and less error rate (0.1 %).

show abstract

Detection of phishing webpages based on visual similarity

Cited by 97 publications

References 2 publications

Tutorial and critical analysis of phishing websites methods

Tutorial and critical analysis of phishing websites methods

Predicting phishing websites based on self-structuring neural network

Phishing Websites Detection Using Data Mining Classification Model

Contact Info

Product

Resources

About