Phishing Website Detection Using Website Logo
Phishing is an online security threat that combines social engineering and website deceiving technique to steal internet users’ confidential credential. In order to protect internet users from phishing attacks, a hybrid phishing detection method has been proposed. The proposed method utilises logo i...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: |
Universiti Malaysia Sarawak (UNIMAS)
2019
|
Subjects: | |
Online Access: | http://ir.unimas.my/id/eprint/25607/1/Chang%20Ee%20ft.pdf http://ir.unimas.my/id/eprint/25607/ |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Universiti Malaysia Sarawak |
Language: | English |
Summary: | Phishing is an online security threat that combines social engineering and website deceiving technique to steal internet users’ confidential credential. In order to protect internet users from phishing attacks, a hybrid phishing detection method has been proposed. The proposed method utilises logo image and search-engine to determine the identity consistency of a query website, where consistent identity indicates legitimate website and inconsistent identity indicates phishing website. The proposed method consists of two processes, namely logo extraction and identity verification. The first process will detect and extract the logo image from all the downloaded image resources of a webpage. Machine learning was integrated into the first process in order to ensure correct detection of the logo image. Based on the extracted logo image, the second process will employ the Google Image Search engine to retrieve the portrayed identity. Since the relationship of the logo and domain name is exclusive, the domain name is referred as the identity. A comparison will be performed between the domain names that are returned by Google with the one from the query website to verify the identity. Experiments were conducted over 1,000 samples with the true positive rate of 99.80% while the true negative rate is 87.00%. The promising results showed the reliability and capability of proposed method in detecting phishing websites. Benchmarking results also demonstrated the proposed method is superior than the existing similar method. In summary, the proposed method proved the effectiveness and feasibility of using a graphical element such as the logo in identity determination and phishing detection.
Keywords: Phishing detection, website logo, website identity, Google image search,
identity consistency, logo extraction |
---|