Phishing page detection via learning classifiers from page layout feature

被引:0
作者
Jian Mao
Jingdong Bian
Wenqian Tian
Shishi Zhu
Tao Wei
Aili Li
Zhenkai Liang
机构
[1] School of Cyber Science and Technology,
[2] Beihang University,undefined
[3] School of Electronic and Information Engineering,undefined
[4] Beihang University,undefined
[5] Baidu USA LLC,undefined
[6] Bordeaux Drive,undefined
[7] Information Technology Service Center,undefined
[8] China National Petroleum Corporation,undefined
[9] School of Computing,undefined
[10] National University of Singapore,undefined
来源
EURASIP Journal on Wireless Communications and Networking | / 2019卷
关键词
Anti-phishing; Machine learning; Aggregation analysis;
D O I
暂无
中图分类号
学科分类号
摘要
The web technology has become the cornerstone of a wide range of platforms, such as mobile services and smart Internet-of-things (IoT) systems. In such platforms, users’ data are aggregated to a cloud-based platform, where web applications are used as a key interface to access and configure user data. Securing the web interface requires solutions to deal with threats from both technical vulnerabilities and social factors. Phishing attacks are one of the most commonly exploited vectors in social engineering attacks. The attackers use web pages visually mimicking legitimate web sites, such as banking and government services, to collect users’ sensitive information. Existing phishing defense mechanisms based on URLs or page contents are often evaded by attackers. Recent research has demonstrated that visual layout similarity can be used as a robust basis to detect phishing attacks. In particular, features extracted from CSS layout files can be used to measure page similarity. However, it needs human expertise in specifying how to measure page similarity based on such features. In this paper, we aim to enable automated page-layout-based phishing detection techniques using machine learning techniques. We propose a learning-based aggregation analysis mechanism to decide page layout similarity, which is used to detect phishing pages. We prototype our solution and evaluate four popular machine learning classifiers on their accuracy and the factors affecting their results.
引用
收藏
相关论文
共 29 条
  • [1] Ronda T(2008)itrustpage: a user-assisted anti-phishing tool ACM SIGOPS Oper. Syst. Rev. 42 261-272
  • [2] Saroiu S(2017)Phishing-alarm: robust and efficient phishing detection via page component similarity IEEE Access 5 17020-17030
  • [3] Wolman A(2011)Cantina+: a feature-rich machine learning framework for detecting phishing web sites ACM Trans. Inf. Syst. (TISSEC) 14 1-28
  • [4] Mao J.(2014)Phishing detection based associative classification data mining Expert Syst. Appl. 41 5948-5959
  • [5] Tian W.(2010)Detecting visually similar web pages: application to phishing detection ACM Trans. Internet Technol. 10 1-38
  • [6] Li P.(2013)Web phishing detection based on page spatial layout similarity Informatica 37 231-244
  • [7] Wei T.(2016)New rule-based phishing detection method Expert Syst. Appl. 53 231-242
  • [8] Liang Z.(1995)Support-vector networks Mach. Learn. 20 273-297
  • [9] Xiang G.(1997)A decision-theoretic generalization of on-line learning and an application to boosting Comput, J., Syst. Sci. 55 119-139
  • [10] Hong J.(2001)Random forests Mach. Learn. 45 5-32
123