Phishing target detection

Abstract

Phishing is a growing problem that causes severe consequences of both financial loss and downdrift of internet security trust. Despite the fact that many anti-phishing solutions are developed and adopted to the industry, the phishing problem is not mitigated as we are witnessing an ever growing number of phishing attacks. We found phishing target detection is useful but yet missing from existing anti-phishing solutions. In this thesis, a method for automatically discovering the phishing target of a given suspicious webpage is proposed. The method first finds all associated webpages, which have either direct association relationship or indirect association relationship with the given suspicious webpage, and then finds the so-called "parasitic" community of the given suspicious webpage based on these associated webpages. Finally, the method discovers the phishing target of the given suspicious webpage from within the parasitic community as the one which has sufficiently strong parasitic relationship with the given suspicious webpage. If we can find such phishing target, we can also determine the given suspicious webpage as a phishing webpage. Otherwise, it is treated as a legitimate webpage. We have tested the proposed method thoroughly. The proposed method can achieve a phishing detection accuracy of 99.2%, a phishing target identification accuracy of 92.1%, and a false alarm rate of 0.9%-1.2%. We develop and deploy our method to a web application at www.SiteWatcher.cn. Any web users can visit the site and submit a suspicious URL to test whether it is a phishing webpage or not. If it is identified as a phishing URL, our system will also list some possible phishing targets of it. Finally, potential enterprise applications are also discussed.