Mitigate Web Phishing Using Site Signatures

Abstract

Phishing is now a serious threat to the security of Internet users' confidential information. Basically, an attacker (phisher) tricks people into divulging sensitive information by sending fake messages to a large number of users at random. Unsuspecting users who follow the instruction in the messages are directed to well-built spoofed web pages and asked to provide sensitive information, which the phisher then steals. Statistics published by the anti-phishing working group (APWG) show that, at the end of Q2 in 2008, the number of malicious web pages designed to steal users' confidential information had increased by 258% over the same period in 2007. Therefore, protecting users from phishing attacks is extremely important. Existing anti-phishing solutions detect mimicked phishing pages by either text-based features or visual similarities of web pages. The former one can be bypassed using image based phishing attacks while the latter one may suffer from great variants of phishing pages. In this paper, we propose a novel technique that identify the real domain name of a visiting web page based on signatures created for web sites. Site signatures, including distinctive texts and images, can be systematically generated by analyzing common parts from pages of a web site. On matching a signature, the domain name of the visiting URL is checked first and then redirected if the domain name is unmatched. The result shows the proposed method achieves a high accuracy and low error rates.