Personalized, Browser-based Visual Phishing Detection Based on Deep Learning

posted Sep 5, 2018, 3:48 AM by Eric Medvet   [ updated Sep 5, 2018, 4:18 AM ]
  • 13th International Conference on Risks and Security of Internet and Systems (CRiSIS), 2018, Arachon (France), to appear
  • Alberto Bartoli, Andrea De Lorenzo, Eric Medvet, Fabiano Tarlao
Phishing defense mechanisms that are close to browsers and that do not rely on any forms of website reputation may be a powerful tool for combating phishing campaigns that are increasingly more targeted and last for increasingly shorter life spans. Browser-based phishing detectors that are specialized for a user-selected set of targeted web sites and that are based only on the overall visual appearance of a target could be a very effective tool in this respect. Approaches of this kind have not been very successful for several reasons, including the difficulty of coping with the large set of genuine pages encountered in normal browser usage without flooding the user with false positives. In this work we intend to investigate whether then the power of modern deep learning methodologies for image classification may enable solutions that are more practical and effective. Our experimental assessment of a convolutional neural network resulted in very high classification accuracy for targeted sets of 15 websites (the largest size that we analyzed) even when immersed in a set of login pages taken from 100 websites.