Phish-IRIS: A New Approach for Vision Based Brand Prediction of Phishing Web Pages via Compact Visual Descriptors

Dalgic, Firat Coskun; Bozkır, Ahmet Selman; Aydos, Murat

doi:10.1109/ismsit.2018.8567299

Cited by 26 publications

(27 citation statements)

References 15 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Apart from HTML content based analysis, they have leveraged descriptors of HOG and Color Context Histograms for revealing color and edge structures belonging to web page snapshots. Similar to Dalgic et al's work [4] they have also applied tile based finer grain analysis in terms of feature representation. Apart from having achieved high classification accuracy their work also exhibits a robust scheme against evasion techniques for phishing instances.…”

Section: Related Workmentioning

confidence: 96%

“…However, keeping such kind of a huge list is costly and susceptible to "zero-hour" attacks causing vulnerability to undiscovered and non-reported new phishing web pages. As stated in [2,4], heuristics bases approaches employ several features from various source of information such as image, text, URL and DNS records from both legitimate and phishing web sites. Meanwhile, these features are often fed into machine learning methods in order to create effective classifiers for identifying whether a suspicious web page is phishing.…”

Section: Introductionmentioning

confidence: 99%

“…Apart from one dimensional code, web pages can actually be considered as two dimensional visual stimuli since they are being perceived by users as a graphical entity following to rendering process by browsers [4]. Based on this fact, scammers design and implement phishing web pages being visually similar to their counterparts defined as visual deception [6].…”

Section: Introductionmentioning

confidence: 99%

“…In this context, we aimed to examine the effect of sampling strategy and rotational variance in problem domain.Furthermore, we have investigated and compared the performance of these two descriptors in the field of phishing web page identification. Moreover, we have trained and tested the suggested scheme on a verified publicly available dataset named as "Phish-Iris" [4]. The dataset subjected to this study involves 1313 training and 1539 testing samples covering 14 different highly phished companies along with a dominant legitimate set.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Local Image Descriptor Based Phishing Web Page Recognition as an Open-Set Problem

Bozkır¹,

Aydos²

2019

European Journal of Science and Technology

View full text Add to dashboard Cite

With the advent of e-commerce, digital services and social media, scammers have changed their way to gain illegal benefits in various forms such as capturing the credit card information or exploiting personal cloud accounts which is termed as phishing. For this reason, against this cyber crime, last two decades have witnessed a variety of combatting methodologies like HTML content based similarity analysis, URL based classification and recently visual similarity based matching since phishing web pages visually mimic to their legitimate counterparts in order to create an illusion to deceive innocent users. To this end, in this study, we propose a computer vision and machine learning based approach in order to classify whether a suspicious web page is phishing and further recognize its original brand name. In this regard, we have utilized and investigated two different local image descriptors namely Scale Invariant Feature Transform (SIFT) and DAISY. Apart from their common properties such as scale invariance, the aforementioned descriptors have apparent differences such that in addition to rotational invariance, SIFT employs key-point based sampling whereas DAISY applies dense sampling by default. Therefore, we first aimed to investigate the feasibility of these two local image descriptors in addition to revealing the effects of sampling strategy and rotational invariance in problem domain. Furthermore, in order to create a discriminative representation of a web page, we followed the bag of visual words (BOVW) approach having different vocabulary sizes such as 50, 100, 200 and 400. In order to evaluate the proposed approach, we have utilized a publicly available phishing dataset including snapshots of webpages sampled from both 14 different highly phished brands and ordinary legitimate web pages yielding a challenging open-set problem. The aforementioned dataset involves 1313 training and 1539 testing image samples in total. The visual features extracted via SIFT and DAISY were first transformed to a BOVW histogram and fed to three different machine learning methods such as SVM, Random Forest and XGBoost. According to the conducted experiments, based on a 400-D visual vocabulary, SIFT descriptor along with XGBoost has been found as the best descriptor-learner configuration having reached up to 89.34% validation accuracy with 0.76% false positive rate. Moreover, SIFT has outperformed DAISY descriptor in all settings. As a result, it has been shown that SIFT descriptors equipped with BOVW representation can be effectively used for brand identification of phishing web pages.

show abstract

Section: Related Workmentioning

confidence: 96%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Local Image Descriptor Based Phishing Web Page Recognition as an Open-Set Problem

Bozkır¹,

Aydos²

2019

European Journal of Science and Technology

View full text Add to dashboard Cite

show abstract

“…F.C. Dalgic [11] proposed to utilize SPM to count the features of a website screenshot. Usually, the victims are attacked since they clicked on the URL of the phishing website posted by the attacker.…”

mentioning

confidence: 99%