Mitigate web phishing using site signatures

Chun-Ying Huang*, Shang Pin Ma, Wei Lin Yeh, Chia Yi Lin, Chien Tsung Liu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations

Abstract

Phishing is now a serious threat to the security of Internet users' confidential information. Basically, an attacker (phisher) tricks people into divulging sensitive information by sending fake messages to a large number of users at random. Unsuspecting users who follow the instruction in the messages are directed to well-built spoofed web pages and asked to provide sensitive information, which the phisher then steals. Statistics published by the anti-phishing working group (APWG) show that, at the end of Q2 in 2008, the number of malicious web pages designed to steal users' confidential information had increased by 258% over the same period in 2007. Therefore, protecting users from phishing attacks is extremely important. Existing anti-phishing solutions detect mimicked phishing pages by either text-based features or visual similarities of web pages. The former one can be bypassed using image based phishing attacks while the latter one may suffer from great variants of phishing pages. In this paper, we propose a novel technique that identify the real domain name of a visiting web page based on signatures created for web sites. Site signatures, including distinctive texts and images, can be systematically generated by analyzing common parts from pages of a web site. On matching a signature, the domain name of the visiting URL is checked first and then redirected if the domain name is unmatched. The result shows the proposed method achieves a high accuracy and low error rates.

Original languageEnglish
Title of host publicationTENCON 2010 - 2010 IEEE Region 10 Conference
Pages803-808
Number of pages6
DOIs
StatePublished - 1 Dec 2010
Event2010 IEEE Region 10 Conference, TENCON 2010 - Fukuoka, Japan
Duration: 21 Nov 201024 Nov 2010

Publication series

NameIEEE Region 10 Annual International Conference, Proceedings/TENCON

Conference

Conference2010 IEEE Region 10 Conference, TENCON 2010
CountryJapan
CityFukuoka
Period21/11/1024/11/10

Keywords

  • Anti-Phishing
  • Feature Selection
  • Image Extraction
  • Site Signature
  • URL Redirection

Fingerprint Dive into the research topics of 'Mitigate web phishing using site signatures'. Together they form a unique fingerprint.

  • Cite this

    Huang, C-Y., Ma, S. P., Yeh, W. L., Lin, C. Y., & Liu, C. T. (2010). Mitigate web phishing using site signatures. In TENCON 2010 - 2010 IEEE Region 10 Conference (pp. 803-808). [5686582] (IEEE Region 10 Annual International Conference, Proceedings/TENCON). https://doi.org/10.1109/TENCON.2010.5686582