PhishZoo: Detecting phishing websites by looking at them

Sadia Afroz, Rachel Greenstadt

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Phishing is a security attack that involves obtaining sensitive or otherwise private data by presenting oneself as a trustworthy entity. Phishers often exploit users' trust on the appearance of a site by using webpages that are visually similar to an authentic site. This paper proposes a phishing detection approach-PhishZoo-that uses profiles of trusted websites' appearances to detect phishing. Our approach provides similar accuracy to blacklisting approaches (96%), with the advantage that it can classify zero-day phishing attacks and targeted attacks against smaller sites (such as corporate intranets). A key contribution of this paper is that it includes a performance analysis and a framework for making use of computer vision techniques in a practical way.

    Original languageEnglish (US)
    Title of host publicationProceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011
    Pages368-375
    Number of pages8
    DOIs
    StatePublished - Nov 21 2011
    Event5th Annual IEEE International Conference on Semantic Computing, ICSC 2011 - Palo Alto, CA, United States
    Duration: Sep 18 2011Sep 21 2011

    Publication series

    NameProceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011

    Conference

    Conference5th Annual IEEE International Conference on Semantic Computing, ICSC 2011
    CountryUnited States
    CityPalo Alto, CA
    Period9/18/119/21/11

    Fingerprint

    Intranets
    Websites
    Attack
    Computer Vision
    Computer vision
    Performance Analysis
    Classify
    Zero

    ASJC Scopus subject areas

    • Computational Theory and Mathematics
    • Computer Science Applications
    • Theoretical Computer Science

    Cite this

    Afroz, S., & Greenstadt, R. (2011). PhishZoo: Detecting phishing websites by looking at them. In Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011 (pp. 368-375). [6061361] (Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011). https://doi.org/10.1109/ICSC.2011.52

    PhishZoo : Detecting phishing websites by looking at them. / Afroz, Sadia; Greenstadt, Rachel.

    Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011. 2011. p. 368-375 6061361 (Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011).

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Afroz, S & Greenstadt, R 2011, PhishZoo: Detecting phishing websites by looking at them. in Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011., 6061361, Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011, pp. 368-375, 5th Annual IEEE International Conference on Semantic Computing, ICSC 2011, Palo Alto, CA, United States, 9/18/11. https://doi.org/10.1109/ICSC.2011.52
    Afroz S, Greenstadt R. PhishZoo: Detecting phishing websites by looking at them. In Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011. 2011. p. 368-375. 6061361. (Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011). https://doi.org/10.1109/ICSC.2011.52
    Afroz, Sadia ; Greenstadt, Rachel. / PhishZoo : Detecting phishing websites by looking at them. Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011. 2011. pp. 368-375 (Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011).
    @inproceedings{cc95bb22049c47489c052925bb619c9c,
    title = "PhishZoo: Detecting phishing websites by looking at them",
    abstract = "Phishing is a security attack that involves obtaining sensitive or otherwise private data by presenting oneself as a trustworthy entity. Phishers often exploit users' trust on the appearance of a site by using webpages that are visually similar to an authentic site. This paper proposes a phishing detection approach-PhishZoo-that uses profiles of trusted websites' appearances to detect phishing. Our approach provides similar accuracy to blacklisting approaches (96{\%}), with the advantage that it can classify zero-day phishing attacks and targeted attacks against smaller sites (such as corporate intranets). A key contribution of this paper is that it includes a performance analysis and a framework for making use of computer vision techniques in a practical way.",
    author = "Sadia Afroz and Rachel Greenstadt",
    year = "2011",
    month = "11",
    day = "21",
    doi = "10.1109/ICSC.2011.52",
    language = "English (US)",
    isbn = "9780769544922",
    series = "Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011",
    pages = "368--375",
    booktitle = "Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011",

    }

    TY - GEN

    T1 - PhishZoo

    T2 - Detecting phishing websites by looking at them

    AU - Afroz, Sadia

    AU - Greenstadt, Rachel

    PY - 2011/11/21

    Y1 - 2011/11/21

    N2 - Phishing is a security attack that involves obtaining sensitive or otherwise private data by presenting oneself as a trustworthy entity. Phishers often exploit users' trust on the appearance of a site by using webpages that are visually similar to an authentic site. This paper proposes a phishing detection approach-PhishZoo-that uses profiles of trusted websites' appearances to detect phishing. Our approach provides similar accuracy to blacklisting approaches (96%), with the advantage that it can classify zero-day phishing attacks and targeted attacks against smaller sites (such as corporate intranets). A key contribution of this paper is that it includes a performance analysis and a framework for making use of computer vision techniques in a practical way.

    AB - Phishing is a security attack that involves obtaining sensitive or otherwise private data by presenting oneself as a trustworthy entity. Phishers often exploit users' trust on the appearance of a site by using webpages that are visually similar to an authentic site. This paper proposes a phishing detection approach-PhishZoo-that uses profiles of trusted websites' appearances to detect phishing. Our approach provides similar accuracy to blacklisting approaches (96%), with the advantage that it can classify zero-day phishing attacks and targeted attacks against smaller sites (such as corporate intranets). A key contribution of this paper is that it includes a performance analysis and a framework for making use of computer vision techniques in a practical way.

    UR - http://www.scopus.com/inward/record.url?scp=81255209593&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=81255209593&partnerID=8YFLogxK

    U2 - 10.1109/ICSC.2011.52

    DO - 10.1109/ICSC.2011.52

    M3 - Conference contribution

    SN - 9780769544922

    T3 - Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011

    SP - 368

    EP - 375

    BT - Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011

    ER -