TY - JOUR
T1 - Hue signature auto update system for visual similarity-based phishing detection with tolerance to zero-day attack
AU - Haruta, Shuichiro
AU - Asahina, Hiromu
AU - Yamazaki, Fumitaka
AU - Sasase, Iwao
N1 - Funding Information:
This work is partly supported by the Grant in Aid for Scientific Research (No.17K06440) from Japan Society for Promotion of Science (JSPS).
Publisher Copyright:
Copyright c 2019 The Institute of Electronics, Information and Communication Engineers
PY - 2019
Y1 - 2019
N2 - Detecting phishing websites is imperative. Among several detection schemes, the promising ones are the visual similarity-based approaches. In those, targeted legitimate website’s visual features referred to as signatures are stored in SDB (Signature Database) by the system administrator. They can only detect phishing websites whose signatures are highly similar to SDB’s one. Thus, the system administrator has to register multiple signatures to detect various phishing websites and that cost is very high. This incurs the vulnerability of zero-day phishing attack. In order to address this issue, an auto signature update mechanism is needed. The naive way of auto updating SDB is expanding the scope of detection by adding detected phishing website’s signature to SDB. However, the previous approaches are not suitable for auto updating since their similarity can be highly different among targeted legitimate website and subspecies of phishing website targeting that legitimate website. Furthermore, the previous signatures can be easily manipulated by attackers. In order to overcome the problems mentioned above, in this paper, we propose a hue signature auto update system for visual similarity-based phishing detection with tolerance to zero-day attack. The phishing websites targeting certain legitimate website tend to use the targeted website’s theme color to deceive users. In other words, the users can easily distinguish phishing website if it has highly different hue information from targeted legitimate one (e.g. red colored Facebook is suspicious). Thus, the hue signature has a common feature among the targeted legitimate website and subspecies of phishing websites, and it is difficult for attackers to change it. Based on this notion, we argue that the hue signature fulfills the requirements about auto updating SDB and robustness for attackers’ manipulating. This commonness can effectively expand the scope of detection when auto updating is applied to the hue signature. By the computer simulation with a real dataset, we demonstrate that our system achieves high detection performance compared with the previous scheme.
AB - Detecting phishing websites is imperative. Among several detection schemes, the promising ones are the visual similarity-based approaches. In those, targeted legitimate website’s visual features referred to as signatures are stored in SDB (Signature Database) by the system administrator. They can only detect phishing websites whose signatures are highly similar to SDB’s one. Thus, the system administrator has to register multiple signatures to detect various phishing websites and that cost is very high. This incurs the vulnerability of zero-day phishing attack. In order to address this issue, an auto signature update mechanism is needed. The naive way of auto updating SDB is expanding the scope of detection by adding detected phishing website’s signature to SDB. However, the previous approaches are not suitable for auto updating since their similarity can be highly different among targeted legitimate website and subspecies of phishing website targeting that legitimate website. Furthermore, the previous signatures can be easily manipulated by attackers. In order to overcome the problems mentioned above, in this paper, we propose a hue signature auto update system for visual similarity-based phishing detection with tolerance to zero-day attack. The phishing websites targeting certain legitimate website tend to use the targeted website’s theme color to deceive users. In other words, the users can easily distinguish phishing website if it has highly different hue information from targeted legitimate one (e.g. red colored Facebook is suspicious). Thus, the hue signature has a common feature among the targeted legitimate website and subspecies of phishing websites, and it is difficult for attackers to change it. Based on this notion, we argue that the hue signature fulfills the requirements about auto updating SDB and robustness for attackers’ manipulating. This commonness can effectively expand the scope of detection when auto updating is applied to the hue signature. By the computer simulation with a real dataset, we demonstrate that our system achieves high detection performance compared with the previous scheme.
KW - Phishing detection
KW - Visual similarity
KW - Zero-day attack
UR - http://www.scopus.com/inward/record.url?scp=85076422610&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85076422610&partnerID=8YFLogxK
U2 - 10.1587/transinf.2019EDP7079
DO - 10.1587/transinf.2019EDP7079
M3 - Article
AN - SCOPUS:85076422610
SN - 0916-8532
VL - E102D
SP - 2461
EP - 2471
JO - IEICE Transactions on Information and Systems
JF - IEICE Transactions on Information and Systems
IS - 12
ER -