%A WANG Wei-ping, ZHANG Bing %T Detecting phishing webpage with spoofed specific features %0 Journal Article %D 2014 %J JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) %R 10.6040/j.issn.1671-9352.2.2014.337 %P 90-96 %V 49 %N 09 %U {http://lxbwk.njournal.sdu.edu.cn/CN/abstract/article_326.shtml} %8 2014-09-20 %X Phishing usually refers to websites masquerading as legitimate sites to steal users' accounts, passwords or other private information. The phishing webpage detection based on webpage specific features has a high accuracy rate. However, existing approaches cannot deal with the phishing webpage with spoofed specific features, which will lead to false negative results. Through analyzing a large number of phishing webpage, nine kinds of spoofing methods were concluded, which can conceal real page features or deliberately insert forged features. Based on this, a new detection method was proposed to deal with the spoofed specific features, in which webpage is rendered firstly, and then the real specific page features can be extracted. In the rendering process, the behavior of URL redirection was traced so as to capture the real domain features. After rendering, the webpage content embedded in iframe tag can be extracted and the hidden elements can be removed to defend keywords spoofing. Test results show that our method can uncover various camouflages, extract real webpage features and has a high detection accuracy rate.