Brand-Specific Phishing Expansion and Detection Solutions

doi:10.3969/j.issn.1671-1122.2023.12.001

Abstract

Abstract:

In recent years, both the number of phishing attacks and the losses caused by them have been increasing, and phishing attacks have become one of the main network security threats that people face. Currently, many phishing detection methods have been proposed to defend against phishing attacks, but most of the known phishing detection methods are passive detection and are prone to cause a large number of false positives. In response to the above issues, this paper proposed a phishing expansion method. Firstly, according to the phishing website information, it was analyzed in a multi-dimensional manner, and other related websites were obtained, so as to find more phishing websites that have not been discovered yet. Then, aiming at the visual counterfeiting characteristics of phishing websites, this paper proposed a phishing detection method based on deep learning, cutting the screenshots to obtain the area judged as a logo, and using EfficientNetV2 to mine visual counterfeiting characteristic. Finally, conducted a comprehensive evaluation of suspected phishing websites to reduce the false positive rate. The effectiveness of the method proposed in this paper was proved by the experimental verification of the existing phishing websites.

Key words: phishing detection, deep learning, picture cutting, expansion of phishing sites

CLC Number:

TP309

WEN Weiping, ZHU Yifan, LYU Zihan, LIU Chengjie. Brand-Specific Phishing Expansion and Detection Solutions[J]. Netinfo Security, 2023, 23(12): 1-9.

Figures/Tables 11

References 26

[1]	ITU. Measuring Digital Development: Facts and Figures 2022[EB/OL]. (2023-08-01)[2023-08-14]. https://www.itu.int/en/ITU-D/Statistics/Pages/facts/default.aspx.
[2]	HULME G V, GOODCHILD J. Social Engineering: The Basics[EB/OL]. (2010-01-14)[2023-08-14]. https://www2. cso.com.au/article/print/625643/social-engineering-basics/.
[3]	CATAL C, GIRAY G, TEKINERDOGAN B, et al. Applications of Deep Learning for Phishing Detection: A Systematic Literature Review[J]. Knowledge and Information Systems, 2022, 64(6): 1457-1500. doi: 10.1007/s10115-022-01672-x pmid: 35645443
[4]	Google. Google Safe Browsing[EB/OL]. (2021-11-14)[2023-08-14]. https://safebrowsing.google.com.
[5]	VERMA R, DYER K. On the Character of Phishing URLs: Accurate and Robust Statistical Learning Classifiers[C]// ACM. Proceedings of the 5th ACM Conference on Data and Application Security and Privacy(CODASPY’15). New York: ACM, 2015: 111-122.
[6]	KARIM A, SHAHROZ M, MUSTOFA K, et al. Phishing Detection System through Hybrid Machine Learning Based on URL[J]. IEEE Access, 2023(11): 36805-36822.
[7]	ALJOFEY A, JIANG Qingshan, QU Qiang, et al. An Effective Phishing Detection Model Based on Character Level Convolutional Neural Network from URL[EB/OL]. (2020-09-15)[2023-08-14]. https://www.mdpi.com/2079-9292/9/9/1514.
[8]	SAFI A, SINGH S. A Systematic Literature Review on Phishing Website Detection Techniques[J]. Journal of King Saud University-Computer and Information Sciences, 2023, 35(2): 590-611. doi: 10.1016/j.jksuci.2023.01.004 URL
[9]	FU A Y, LIU Wenyin, DENG Xiaotie. Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover’s Distance (EMD)[J]. IEEE Transactions on Dependable and Secure Computing, 2006, 3(4): 301-311. doi: 10.1109/TDSC.2006.50 URL
[10]	ABDELNABI S, KROMBHOLZ K, FRITZ M. VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity[C]// ACM. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security(CCS’20). New York: ACM, 2020: 1681-1698.
[11]	AFROZ S, GREENSTADT R. Phishzoo: Detecting Phishing Websites by Looking at Them[C]// IEEE. 2011 IEEE Fifth International Conference on Semantic Computing. New York: IEEE, 2011: 368-375.
[12]	BOZKIR A S, AYDOS M. LogoSENSE: A Companion HOG Based Logo Detection Scheme for Phishing Web Page and E-Mail Brand Recognition[EB/OL]. (2020-08-01)[2023-08-14]. https://www.sciencedirect.com/science/article/abs/pii/S0167404820301279.
[13]	CHANG E H, CHIEW K L, TIONG W K, et al. Phishing Detection via Identification of Website Identity[C]// IEEE. 2013 International Conference on IT Convergence and Security (ICITCS). New York: IEEE, 2013: 1-4.
[14]	WANG Ge, LIU He, BECERRA S, et al. Verilogo: Proactive Phishing Detection via Logo Recognition[EB/OL]. (2011-01-01)[2023-08-14]. https://hovav.net/ucsd/dist/verilogo.pdf.
[15]	YUN Lei, LI Dan, WANG Huanhuan. Summary of Research on Phishing Website Detection Technology[J]. Reliability and Environmental Testing of Electronic Products, 2021, 39(5): 114-119.
	云雷, 李丹, 王欢欢. 钓鱼网站检测技术研究综述[J]. 电子产品可靠性与环境试验, 2021, 39(5): 114-119.
[16]	ASIRI S, XIAO Yang, ALZAHRANI S, et al. A Survey of Intelligent Detection Designs of HTML URL Phishing Attacks[J]. IEEE Access, 2023(11): 6421-6443.
[17]	BU S J, CHO S B. Deep Character-Level Anomaly Detection Based on a Convolutional Autoencoder for Zero-Day Phishing URL Detection[EB/OL]. (2021-06-17)[2023-08-14]. https://doi.org/10.3390/electronics10121492.
[18]	SOMESHA M, PAIS A R, RAO R S, et al. Efficient Deep Learning Techniques for the Detection of Phishing Websites[EB/OL]. (2020-06-17)[2023-08-14]. https://link.springer.com/article/10.1007/s12046-020-01392-4.
[19]	ADEBOWALE M A, LWIN K T, HOSSAIN M A. Intelligent Phishing Detection Scheme Using Deep Learning Algorithms[EB/OL]. (2020-06-04)[2023-08-14]. https://www.emerald.com/insight/content/doi/10.1108/JEIM-01-2020-0036/full/html.
[20]	HE Kaiming, ZHANG Xiangyu, REN Shaoqing, et al. Deep Residual Learning for Image Recognition[C]// IEEE. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. New York: IEEE, 2016: 770-778.
[21]	REN Shaoqing, HE Kaiming, GIRSHICK R, et al. Faster R-CNN: Towards Real-Time Object Detection with Region Proposal Networks[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2015, 39(6): 1137-1149. doi: 10.1109/TPAMI.2016.2577031 URL
[22]	ABDILLAH R, SHUKUR Z, MOHD M, et al. Performance Evaluation of Phishing Classification Techniques on Various Data Sources and Schemes[J]. IEEE Access, 2023(11): 38721-38738.
[23]	TAN Mingxing, LE Q V. Efficientnetv2: Smaller Models and Faster Training[C]// PMLR. International Conference on Machine Learning. New York: PMLR, 2021: 10096-10106.
[24]	DAVOUDI M R, YARI A R. Improving the Feature Section Method Based on Genetic Algorithm to Increase the Efficiency of Detecting Phishing Websites[J]. Automatic Control and Computer Sciences, 2023, 57(3): 213-221. doi: 10.3103/S0146411623030045
[25]	LIN Yun, LIU Ruofan, DIVAKARAN D M, et al. Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages[C]// USENIX. In 30th USENIX Security Symposium. Berlin:USENIX, 2021: 3793-3810.
[26]	WANG Jing, MIN Weiqing, HOU Sujuan, et al. Logo-2K+: A Large-Scale Logo Dataset for Scalable Logo Classification[C]// IEEE. Proceedings of the AAAI Conference on Artificial Intelligence. New York: IEEE, 2020, 34(4): 6194-6201.

特征空间	特征
窃取功能特征	<form>标签 <password>标签 <submission>标签
信用度特征	Page Rank Alexa排名域名存在时间

实验环境	具体信息
操作系统	Ubuntu
CPU	Intel(R) Xeon(R) Platinum 8369B CPU @2.90 GHz
GPU	A100(80 GB)
内存	128 GB
开发语言	Python 3.9
深度学习框架	PyTorch 2.0.1

日期	供扩线数量/个	扩线后数量/个	新钓鱼网站数量/个	后续fofa发现新网站数量/个
202301	1196	21848	105	331
202302	4445	61113	367	113
202303	1188	19708	178	147
202304	2013	36514	187	104
202305	1387	21934	96	65

模型	分类目标	召回率	精确率	F1
EMD	截图	62 %	76 %	0.68
Alexnet	截图	82 %	89 %	0.85
Alexnet	logo	95 %	97 %	0.95
EfficientNetV2	截图	85 %	91 %	0.87
EfficientNetV2	logo	97 %	98 %	0.97

评价依据	信用度特征			窃取功能特征			评价模块判断为钓鱼网站
评价依据	PageRank值低	Alexa排名低	域名存在时间短	含有<form>标签	含有<password>标签	含有<submission>标签	评价模块判断为钓鱼网站
假阳性样本	0	0	0	11	6	6	0
钓鱼网站数量/个	47	47	47	38	33	33	48