The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Mengesan tapak web pancingan data adalah penting. Di antara beberapa skim pengesanan, yang menjanjikan adalah pendekatan berasaskan persamaan visual. Dalam hal tersebut, ciri visual tapak web sah yang disasarkan yang dirujuk sebagai tandatangan disimpan dalam SDB (Pangkalan Data Tandatangan) oleh pentadbir sistem. Mereka hanya boleh mengesan tapak web pancingan data yang tandatangannya sangat serupa dengan tapak web SDB. Oleh itu, pentadbir sistem perlu mendaftarkan berbilang tandatangan untuk mengesan pelbagai tapak web pancingan data dan kos itu sangat tinggi. Ini menimbulkan kerentanan serangan pancingan data sifar hari. Untuk menangani isu ini, mekanisme kemas kini tandatangan automatik diperlukan. Cara naif untuk mengemas kini SDB secara automatik ialah mengembangkan skop pengesanan dengan menambahkan tandatangan tapak web pancingan data yang dikesan pada SDB. Walau bagaimanapun, pendekatan sebelumnya tidak sesuai untuk pengemaskinian automatik kerana persamaannya boleh sangat berbeza antara tapak web sah yang disasarkan dan subspesies tapak web pancingan data yang menyasarkan tapak web yang sah tersebut. Tambahan pula, tandatangan sebelumnya boleh dimanipulasi dengan mudah oleh penyerang. Untuk mengatasi masalah yang dinyatakan di atas, dalam kertas ini, kami mencadangkan sistem kemas kini automatik tandatangan warna untuk pengesanan pancingan data berasaskan persamaan visual dengan toleransi terhadap serangan sifar hari. Tapak web pancingan data yang menyasarkan tapak web sah tertentu cenderung menggunakan warna tema tapak web yang disasarkan untuk menipu pengguna. Dalam erti kata lain, pengguna boleh dengan mudah membezakan laman web pancingan data jika ia mempunyai maklumat warna yang sangat berbeza daripada yang sah yang disasarkan (cth. Facebook berwarna merah mencurigakan). Oleh itu, tandatangan hue mempunyai ciri yang sama antara tapak web sah yang disasarkan dan subspesies tapak web pancingan data, dan sukar bagi penyerang mengubahnya. Berdasarkan tanggapan ini, kami berpendapat bahawa tandatangan rona memenuhi keperluan tentang pengemaskinian automatik SDB dan keteguhan untuk memanipulasi penyerang. Kebiasaan ini boleh meluaskan skop pengesanan dengan berkesan apabila pengemaskinian automatik digunakan pada tandatangan rona. Dengan simulasi komputer dengan set data sebenar, kami menunjukkan bahawa sistem kami mencapai prestasi pengesanan yang tinggi berbanding dengan skema sebelumnya.
Shuichiro HARUTA
Keio University
Hiromu ASAHINA
Keio University
Fumitaka YAMAZAKI
Keio University
Iwao SASASE
Keio University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Salinan
Shuichiro HARUTA, Hiromu ASAHINA, Fumitaka YAMAZAKI, Iwao SASASE, "Hue Signature Auto Update System for Visual Similarity-Based Phishing Detection with Tolerance to Zero-Day Attack" in IEICE TRANSACTIONS on Information,
vol. E102-D, no. 12, pp. 2461-2471, December 2019, doi: 10.1587/transinf.2019EDP7079.
Abstract: Detecting phishing websites is imperative. Among several detection schemes, the promising ones are the visual similarity-based approaches. In those, targeted legitimate website's visual features referred to as signatures are stored in SDB (Signature Database) by the system administrator. They can only detect phishing websites whose signatures are highly similar to SDB's one. Thus, the system administrator has to register multiple signatures to detect various phishing websites and that cost is very high. This incurs the vulnerability of zero-day phishing attack. In order to address this issue, an auto signature update mechanism is needed. The naive way of auto updating SDB is expanding the scope of detection by adding detected phishing website's signature to SDB. However, the previous approaches are not suitable for auto updating since their similarity can be highly different among targeted legitimate website and subspecies of phishing website targeting that legitimate website. Furthermore, the previous signatures can be easily manipulated by attackers. In order to overcome the problems mentioned above, in this paper, we propose a hue signature auto update system for visual similarity-based phishing detection with tolerance to zero-day attack. The phishing websites targeting certain legitimate website tend to use the targeted website's theme color to deceive users. In other words, the users can easily distinguish phishing website if it has highly different hue information from targeted legitimate one (e.g. red colored Facebook is suspicious). Thus, the hue signature has a common feature among the targeted legitimate website and subspecies of phishing websites, and it is difficult for attackers to change it. Based on this notion, we argue that the hue signature fulfills the requirements about auto updating SDB and robustness for attackers' manipulating. This commonness can effectively expand the scope of detection when auto updating is applied to the hue signature. By the computer simulation with a real dataset, we demonstrate that our system achieves high detection performance compared with the previous scheme.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019EDP7079/_p
Salinan
@ARTICLE{e102-d_12_2461,
author={Shuichiro HARUTA, Hiromu ASAHINA, Fumitaka YAMAZAKI, Iwao SASASE, },
journal={IEICE TRANSACTIONS on Information},
title={Hue Signature Auto Update System for Visual Similarity-Based Phishing Detection with Tolerance to Zero-Day Attack},
year={2019},
volume={E102-D},
number={12},
pages={2461-2471},
abstract={Detecting phishing websites is imperative. Among several detection schemes, the promising ones are the visual similarity-based approaches. In those, targeted legitimate website's visual features referred to as signatures are stored in SDB (Signature Database) by the system administrator. They can only detect phishing websites whose signatures are highly similar to SDB's one. Thus, the system administrator has to register multiple signatures to detect various phishing websites and that cost is very high. This incurs the vulnerability of zero-day phishing attack. In order to address this issue, an auto signature update mechanism is needed. The naive way of auto updating SDB is expanding the scope of detection by adding detected phishing website's signature to SDB. However, the previous approaches are not suitable for auto updating since their similarity can be highly different among targeted legitimate website and subspecies of phishing website targeting that legitimate website. Furthermore, the previous signatures can be easily manipulated by attackers. In order to overcome the problems mentioned above, in this paper, we propose a hue signature auto update system for visual similarity-based phishing detection with tolerance to zero-day attack. The phishing websites targeting certain legitimate website tend to use the targeted website's theme color to deceive users. In other words, the users can easily distinguish phishing website if it has highly different hue information from targeted legitimate one (e.g. red colored Facebook is suspicious). Thus, the hue signature has a common feature among the targeted legitimate website and subspecies of phishing websites, and it is difficult for attackers to change it. Based on this notion, we argue that the hue signature fulfills the requirements about auto updating SDB and robustness for attackers' manipulating. This commonness can effectively expand the scope of detection when auto updating is applied to the hue signature. By the computer simulation with a real dataset, we demonstrate that our system achieves high detection performance compared with the previous scheme.},
keywords={},
doi={10.1587/transinf.2019EDP7079},
ISSN={1745-1361},
month={December},}
Salinan
TY - JOUR
TI - Hue Signature Auto Update System for Visual Similarity-Based Phishing Detection with Tolerance to Zero-Day Attack
T2 - IEICE TRANSACTIONS on Information
SP - 2461
EP - 2471
AU - Shuichiro HARUTA
AU - Hiromu ASAHINA
AU - Fumitaka YAMAZAKI
AU - Iwao SASASE
PY - 2019
DO - 10.1587/transinf.2019EDP7079
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E102-D
IS - 12
JA - IEICE TRANSACTIONS on Information
Y1 - December 2019
AB - Detecting phishing websites is imperative. Among several detection schemes, the promising ones are the visual similarity-based approaches. In those, targeted legitimate website's visual features referred to as signatures are stored in SDB (Signature Database) by the system administrator. They can only detect phishing websites whose signatures are highly similar to SDB's one. Thus, the system administrator has to register multiple signatures to detect various phishing websites and that cost is very high. This incurs the vulnerability of zero-day phishing attack. In order to address this issue, an auto signature update mechanism is needed. The naive way of auto updating SDB is expanding the scope of detection by adding detected phishing website's signature to SDB. However, the previous approaches are not suitable for auto updating since their similarity can be highly different among targeted legitimate website and subspecies of phishing website targeting that legitimate website. Furthermore, the previous signatures can be easily manipulated by attackers. In order to overcome the problems mentioned above, in this paper, we propose a hue signature auto update system for visual similarity-based phishing detection with tolerance to zero-day attack. The phishing websites targeting certain legitimate website tend to use the targeted website's theme color to deceive users. In other words, the users can easily distinguish phishing website if it has highly different hue information from targeted legitimate one (e.g. red colored Facebook is suspicious). Thus, the hue signature has a common feature among the targeted legitimate website and subspecies of phishing websites, and it is difficult for attackers to change it. Based on this notion, we argue that the hue signature fulfills the requirements about auto updating SDB and robustness for attackers' manipulating. This commonness can effectively expand the scope of detection when auto updating is applied to the hue signature. By the computer simulation with a real dataset, we demonstrate that our system achieves high detection performance compared with the previous scheme.
ER -