JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2014, Vol. 49 ›› Issue (09): 90-96.doi: 10.6040/j.issn.1671-9352.2.2014.337

Previous Articles     Next Articles

Detecting phishing webpage with spoofed specific features

WANG Wei-ping, ZHANG Bing   

  1. School of Information Science and Engineering, Central South University, Changsha 410083, Hunan, China
  • Received:2014-06-24 Revised:2014-08-27 Online:2014-09-20 Published:2014-09-30

Abstract: Phishing usually refers to websites masquerading as legitimate sites to steal users' accounts, passwords or other private information. The phishing webpage detection based on webpage specific features has a high accuracy rate. However, existing approaches cannot deal with the phishing webpage with spoofed specific features, which will lead to false negative results. Through analyzing a large number of phishing webpage, nine kinds of spoofing methods were concluded, which can conceal real page features or deliberately insert forged features. Based on this, a new detection method was proposed to deal with the spoofed specific features, in which webpage is rendered firstly, and then the real specific page features can be extracted. In the rendering process, the behavior of URL redirection was traced so as to capture the real domain features. After rendering, the webpage content embedded in iframe tag can be extracted and the hidden elements can be removed to defend keywords spoofing. Test results show that our method can uncover various camouflages, extract real webpage features and has a high detection accuracy rate.

Key words: phishing webpage, detection, spoofed feature

CLC Number: 

  • TP393
[1] 金山网络.2012年度计算机病毒及钓鱼网站统计报告[EB/OL].[2014-04-15]. Jinshan Network.2012 annual computer virus and fishing website statistics report[EB/OL].[2014-04-15].
[2] Google. Google safe browsing API[EB/OL].[2014-04-15].
[3] PRAKASH P, KUMAR M, KOMPELLA R R, et al. PhishNet: predictive blacklisting to detect phishing attacks[C]//Proceedings of the IEEE INFOCOM. New York: IEEE, 2010:1-5.
[4] SHENG S, WARDMAN B, WARNER G, et al. An empirical analysis of phishing blacklists[C]//Proceedings of the 6th Conference on Email and Anti-Spam. CA, USA: CEAS, 2009.
[5] GARERA S, PROVOS N, CHEW M, et al. A framework for detection and measurement of phishing attacks[C]//Proceedings of the 2007 ACM Workshop on Recurring Malcode(WORM'07).New York: ACM Press, 2007: 1-8.
[6] BASNET R B, SUNG A H. Mining web to detect phishing URLs[C]//Proceedings of the 11th International Conference on Machine Learning and Applications (ICMLA 2012).Los Alamitos: IEEE Computer Society, 2012: 568-573.
[7] ZHANG Jianyi, WANG Yonghao. A real-time automatic detection of phishing URLs[C]//Proceedings of the 2nd International Conference on Computer Science and Network Technology (ICCSNT2012). Piscatawaty: IEEE, 2012: 1212-1216.
[8] CHEN Kuanta, JAU-YUAN C, HUANG Chunrong, et al. Fighting phishing with discriminative keypoint features[J]. Proceedings of IEEE Internet Computing, 2009, 13(3): 56-63.
[9] HARA M, YAMADA A, MIYAKE Y. Visual similarity-based phishing detection without victim site information[C]//IEEE Symposium on Computational Intelligence in Cyber Security (CICS'09). Piscataway: IEEE, 2009: 30-36.
[10] 张卫丰,周毓明,许蕾,等.基于匈牙利匹配算法的钓鱼网页检测方法[J].计算机学报,2010, 33(10):1963-1975. ZHANG Weifeng, ZHOU Yuming, XU Lei, et al. A method of detecting phishing web pages based on hungarian matching algorithm[J]. Chinese Journal of Computers, 2010, 33(10): 1963-1975.
[11] CHEN T C, DICK S, MILLER J. Detecting visually similar web pages: application to phishing detection[J]. ACM Transactions on Internet Technology, 2010, 10(2): 5.1-5.38.
[12] CHOU N, LEDESMA R, TERAGUCHI Y, et al. Client-side defense against web-based identity theft[C]//Proceedings of the 11th Annual Network and Distributed System Security Symposium(NDSS 2004).[S.l.]:[s.n.],2014.
[13] JOSHI Y, SAKLIKAR S, DAS D, et al. PhishGuard: a browser plug-in for protection from phishing[C]//Proceedings of 2nd International Conference on Internet Multimedia Services Architecture and Applications (IMSAA 2008). New York: IEEE, 2008: 1-6.
[14] LIU Gang, QIU Bite, LIU Wenyin. Automatic detection of phishing target from phishing webpage[C]//Proceedings of 20th International Conference on Pattern Recognition (ICPR 2010). Los Alamitos: IEEE Computer Society, 2010: 4153-4156.
[15] ZHANG Yue, HONG Jason, CRANOR Lorrie. Cantina:a content-based approach to detecting phishing web sites[C]//Proceedings of the 16th International Conference on World Wide Web. New York: ACM Press, 2007: 639-648.
[16] XIANG Guang, HONG Jason, ROSE Carolyn, et al. CANTINA+: a feature-rich machine learning framework for detecting phishing web sites[J]. ACM Transactions on Information and System Security, 2011, 14(2): 21.1-21.28.
[17] PhishTank.基于社区的反钓鱼攻击服务[EB/OL].[2014-04-15]. valid=y&active=y. PhishTank.Community service based on the anti phishing attacks[EB/OL].[2014-04-15]. Valid=y&active=y.
[18] 丁南燕.世界各国网址大全[EB/OL].[2014-04-15]. DING Nanyan. The world web site[EB/OL].[2014-04-15].
[1] YE Xiao-ming, CHEN Xing-shu, YANG Li, WANG Wen-xian, ZHU Yi, SHAO Guo-lin, LIANG Gang. Anomaly detection model of host group based on graph-evolution events [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(9): 1-11.
[2] . Design and implementation of topic detection in Russian news based on ontology [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(9): 49-54.
[3] ZHANG Jun, LI Jing-fei, ZHANG Rui, RUAN Xing-mao, ZHANG Shuo. Community detection algorithm based on effective resistance of network [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(3): 24-29.
[4] WANG Kai, HONG Yu, QIU Ying-ying, WANG Jian, YAO Jian-min, ZHOU Guo-dong. Study on boundary detection of users query intents [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(9): 13-18.
[5] SUI Yun-xian, LIU Yong. Mining algorithm of E-burt structural hole based on two-step neighbor [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(9): 59-68.
[6] LIANG Xiao-lin, GUO Min, LI Jing. Parametric estimations for renewal-geometric process [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(8): 53-57.
[7] ZHUANG Zheng-mao, CHEN Xing-shu, SHAO Guo-lin, YE Xiao-ming. A time-relevant network traffic anomaly detection approach [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(3): 68-73.
[8] WANG Tong, MA Yan-zhou, YI Mian-zhu. Speech recognition of Russian short instructions based on DTW [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(11): 29-36.
[9] . An approach of detecting LDoS attacks based on the euclidean distance of available bandwidth in cloud computing [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(9): 92-100.
[10] CHEN Qiang, DU Pan, CHEN Hai-qiang, BAO Xiu-guo, LIU Yue, CHENG Xue-qi. K-Canopy:a fast data segmentation algorithm for the topic detection [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(9): 106-112.
[11] GAO Yuan-zhao, LI Bing-long, WU Xi-xi. A forensic analysis algorithm of registry reverse reconstruction based on physical memory [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(9): 127-136.
[12] DU Hong-le, ZHANG Yan, ZHANG Lin. Intrusion detection on imbalanced dataset [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(11): 50-57.
[13] ZHOU Xian-cun, LI Ming-xi, LI Rui-xia, XU Ming-juan, LING Hai-bo. Research on the multi-point collaboration detection against replication attacks [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2015, 50(07): 54-65.
[14] TANG Bo, CHEN Guang, WANG Xing-ya, WANG Fei, CHEN Xiao-hui. Analysis on new word detection and sentiment orientation in Micro-blog [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2015, 50(01): 20-25.
[15] WANG Lei, HE Chen, XIE Jiang-ning. Symmetry detection of point-based 3D models algorithm based on weighted PCA [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2014, 49(09): 166-170.
Full text



No Suggested Reading articles found!