针对品牌的网络钓鱼扩线与检测方案

doi:10.3969/j.issn.1671-1122.2023.12.001

摘要/Abstract

摘要：

近年来，无论是钓鱼攻击的数量还是其造成的损失都在不断增加，网络钓鱼攻击成为人们面临的主要网络安全威胁之一。当前，已有许多网络钓鱼检测方法被相继提出以抵御网络钓鱼攻击，但现有钓鱼检测方法多为被动检测，且容易引起大量误报。针对上述问题，文章提出一种钓鱼扩线方法。首先，根据钓鱼网站的信息从多维度进行分析，得到与之相关的其他网站，以找到更多还未被发现的钓鱼网站；然后，针对钓鱼网站的视觉仿冒特性，提出一种基于深度学习的网络钓鱼检测方法，将截图进行切割，得到判定为logo的区域，再使用EfficientNetV2挖掘视觉仿冒特性；最后，对疑似钓鱼网站进行综合评价，以降低误报率。通过对现有钓鱼网站进行实验验证，证明了文章所提方法的有效性。

关键词: 网络钓鱼检测, 深度学习, 图片切割, 主动扩线

Abstract:

In recent years, both the number of phishing attacks and the losses caused by them have been increasing, and phishing attacks have become one of the main network security threats that people face. Currently, many phishing detection methods have been proposed to defend against phishing attacks, but most of the known phishing detection methods are passive detection and are prone to cause a large number of false positives. In response to the above issues, this paper proposed a phishing expansion method. Firstly, according to the phishing website information, it was analyzed in a multi-dimensional manner, and other related websites were obtained, so as to find more phishing websites that have not been discovered yet. Then, aiming at the visual counterfeiting characteristics of phishing websites, this paper proposed a phishing detection method based on deep learning, cutting the screenshots to obtain the area judged as a logo, and using EfficientNetV2 to mine visual counterfeiting characteristic. Finally, conducted a comprehensive evaluation of suspected phishing websites to reduce the false positive rate. The effectiveness of the method proposed in this paper was proved by the experimental verification of the existing phishing websites.

Key words: phishing detection, deep learning, picture cutting, expansion of phishing sites

中图分类号:

TP309

文伟平, 朱一帆, 吕子晗, 刘成杰. 针对品牌的网络钓鱼扩线与检测方案[J]. 信息网络安全, 2023, 23(12): 1-9.

WEN Weiping, ZHU Yifan, LYU Zihan, LIU Chengjie. Brand-Specific Phishing Expansion and Detection Solutions[J]. Netinfo Security, 2023, 23(12): 1-9.

图/表 11

图1

图2

图3

图4

表1

表2

表3

图5

图6

表4

表5

参考文献 26

[1]	ITU. Measuring Digital Development: Facts and Figures 2022[EB/OL]. (2023-08-01)[2023-08-14]. https://www.itu.int/en/ITU-D/Statistics/Pages/facts/default.aspx.
[2]	HULME G V, GOODCHILD J. Social Engineering: The Basics[EB/OL]. (2010-01-14)[2023-08-14]. https://www2. cso.com.au/article/print/625643/social-engineering-basics/.
[3]	CATAL C, GIRAY G, TEKINERDOGAN B, et al. Applications of Deep Learning for Phishing Detection: A Systematic Literature Review[J]. Knowledge and Information Systems, 2022, 64(6): 1457-1500. doi: 10.1007/s10115-022-01672-x pmid: 35645443
[4]	Google. Google Safe Browsing[EB/OL]. (2021-11-14)[2023-08-14]. https://safebrowsing.google.com.
[5]	VERMA R, DYER K. On the Character of Phishing URLs: Accurate and Robust Statistical Learning Classifiers[C]// ACM. Proceedings of the 5th ACM Conference on Data and Application Security and Privacy(CODASPY’15). New York: ACM, 2015: 111-122.
[6]	KARIM A, SHAHROZ M, MUSTOFA K, et al. Phishing Detection System through Hybrid Machine Learning Based on URL[J]. IEEE Access, 2023(11): 36805-36822.
[7]	ALJOFEY A, JIANG Qingshan, QU Qiang, et al. An Effective Phishing Detection Model Based on Character Level Convolutional Neural Network from URL[EB/OL]. (2020-09-15)[2023-08-14]. https://www.mdpi.com/2079-9292/9/9/1514.
[8]	SAFI A, SINGH S. A Systematic Literature Review on Phishing Website Detection Techniques[J]. Journal of King Saud University-Computer and Information Sciences, 2023, 35(2): 590-611. doi: 10.1016/j.jksuci.2023.01.004 URL
[9]	FU A Y, LIU Wenyin, DENG Xiaotie. Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover’s Distance (EMD)[J]. IEEE Transactions on Dependable and Secure Computing, 2006, 3(4): 301-311. doi: 10.1109/TDSC.2006.50 URL
[10]	ABDELNABI S, KROMBHOLZ K, FRITZ M. VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity[C]// ACM. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security(CCS’20). New York: ACM, 2020: 1681-1698.
[11]	AFROZ S, GREENSTADT R. Phishzoo: Detecting Phishing Websites by Looking at Them[C]// IEEE. 2011 IEEE Fifth International Conference on Semantic Computing. New York: IEEE, 2011: 368-375.
[12]	BOZKIR A S, AYDOS M. LogoSENSE: A Companion HOG Based Logo Detection Scheme for Phishing Web Page and E-Mail Brand Recognition[EB/OL]. (2020-08-01)[2023-08-14]. https://www.sciencedirect.com/science/article/abs/pii/S0167404820301279.
[13]	CHANG E H, CHIEW K L, TIONG W K, et al. Phishing Detection via Identification of Website Identity[C]// IEEE. 2013 International Conference on IT Convergence and Security (ICITCS). New York: IEEE, 2013: 1-4.
[14]	WANG Ge, LIU He, BECERRA S, et al. Verilogo: Proactive Phishing Detection via Logo Recognition[EB/OL]. (2011-01-01)[2023-08-14]. https://hovav.net/ucsd/dist/verilogo.pdf.
[15]	YUN Lei, LI Dan, WANG Huanhuan. Summary of Research on Phishing Website Detection Technology[J]. Reliability and Environmental Testing of Electronic Products, 2021, 39(5): 114-119.
	云雷, 李丹, 王欢欢. 钓鱼网站检测技术研究综述[J]. 电子产品可靠性与环境试验, 2021, 39(5): 114-119.
[16]	ASIRI S, XIAO Yang, ALZAHRANI S, et al. A Survey of Intelligent Detection Designs of HTML URL Phishing Attacks[J]. IEEE Access, 2023(11): 6421-6443.
[17]	BU S J, CHO S B. Deep Character-Level Anomaly Detection Based on a Convolutional Autoencoder for Zero-Day Phishing URL Detection[EB/OL]. (2021-06-17)[2023-08-14]. https://doi.org/10.3390/electronics10121492.
[18]	SOMESHA M, PAIS A R, RAO R S, et al. Efficient Deep Learning Techniques for the Detection of Phishing Websites[EB/OL]. (2020-06-17)[2023-08-14]. https://link.springer.com/article/10.1007/s12046-020-01392-4.
[19]	ADEBOWALE M A, LWIN K T, HOSSAIN M A. Intelligent Phishing Detection Scheme Using Deep Learning Algorithms[EB/OL]. (2020-06-04)[2023-08-14]. https://www.emerald.com/insight/content/doi/10.1108/JEIM-01-2020-0036/full/html.
[20]	HE Kaiming, ZHANG Xiangyu, REN Shaoqing, et al. Deep Residual Learning for Image Recognition[C]// IEEE. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. New York: IEEE, 2016: 770-778.
[21]	REN Shaoqing, HE Kaiming, GIRSHICK R, et al. Faster R-CNN: Towards Real-Time Object Detection with Region Proposal Networks[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2015, 39(6): 1137-1149. doi: 10.1109/TPAMI.2016.2577031 URL
[22]	ABDILLAH R, SHUKUR Z, MOHD M, et al. Performance Evaluation of Phishing Classification Techniques on Various Data Sources and Schemes[J]. IEEE Access, 2023(11): 38721-38738.
[23]	TAN Mingxing, LE Q V. Efficientnetv2: Smaller Models and Faster Training[C]// PMLR. International Conference on Machine Learning. New York: PMLR, 2021: 10096-10106.
[24]	DAVOUDI M R, YARI A R. Improving the Feature Section Method Based on Genetic Algorithm to Increase the Efficiency of Detecting Phishing Websites[J]. Automatic Control and Computer Sciences, 2023, 57(3): 213-221. doi: 10.3103/S0146411623030045
[25]	LIN Yun, LIU Ruofan, DIVAKARAN D M, et al. Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages[C]// USENIX. In 30th USENIX Security Symposium. Berlin:USENIX, 2021: 3793-3810.
[26]	WANG Jing, MIN Weiqing, HOU Sujuan, et al. Logo-2K+: A Large-Scale Logo Dataset for Scalable Logo Classification[C]// IEEE. Proceedings of the AAAI Conference on Artificial Intelligence. New York: IEEE, 2020, 34(4): 6194-6201.

特征空间	特征
窃取功能特征	<form>标签 <password>标签 <submission>标签
信用度特征	Page Rank Alexa排名域名存在时间

实验环境	具体信息
操作系统	Ubuntu
CPU	Intel(R) Xeon(R) Platinum 8369B CPU @2.90 GHz
GPU	A100(80 GB)
内存	128 GB
开发语言	Python 3.9
深度学习框架	PyTorch 2.0.1

日期	供扩线数量/个	扩线后数量/个	新钓鱼网站数量/个	后续fofa发现新网站数量/个
202301	1196	21848	105	331
202302	4445	61113	367	113
202303	1188	19708	178	147
202304	2013	36514	187	104
202305	1387	21934	96	65

模型	分类目标	召回率	精确率	F1
EMD	截图	62 %	76 %	0.68
Alexnet	截图	82 %	89 %	0.85
Alexnet	logo	95 %	97 %	0.95
EfficientNetV2	截图	85 %	91 %	0.87
EfficientNetV2	logo	97 %	98 %	0.97

评价依据	信用度特征			窃取功能特征			评价模块判断为钓鱼网站
评价依据	PageRank值低	Alexa排名低	域名存在时间短	含有<form>标签	含有<password>标签	含有<submission>标签	评价模块判断为钓鱼网站
假阳性样本	0	0	0	11	6	6	0
钓鱼网站数量/个	47	47	47	38	33	33	48