Hybrid phishing detection using joint visual and textual identity

Choon Lin Tan; Kang Leng Chiew; Kelvin S. C. Yong; Yakub Sebastian; Joel Chia Ming Than; Wei King Tiong

doi:10.1016/j.eswa.2023.119723

Hybrid phishing detection using joint visual and textual identity

Choon Lin Tan, Kang Leng Chiew, Kelvin S. C. Yong, Yakub Sebastian, Joel Chia Ming Than, Wei King Tiong

Research output: Contribution to journal › Article › peer-review

Abstract

In recent years, phishing attacks have evolved considerably, causing existing adversarial features that were widely utilised for detecting phishing websites to become less discriminative. These developments have fuelled growing interests among security researchers towards an anti-phishing strategy known as the identity-based detection technique. Identity-based detection techniques have consistently achieved high true positive rates in a rapidly changing phishing landscape, owing to its capitalisation on fundamental brand identity relations that are inherent in most legitimate webpages. However, existing identity-based techniques often suffer higher false positive rates due to complexities and challenges in establishing the webpage’s brand identity. To close the existing performance gap, this paper proposes a new hybrid identity-based phishing detection technique that leverages webpage visual and textual identity. Extending earlier anti-phishing work based on the website logo as visual identity, our method incorporates novel image features that mimic human vision to enhance the logo detection accuracy. The proposed hybrid technique integrates the visual identity with a textual identity, namely, brand-specific keywords derived from the webpage content using textual analysis methods. We empirically demonstrated on multiple benchmark datasets that this joint visual-textual identity detection approach significantly improves phishing detection performance with an overall accuracy of 98.6%. Benchmarking results against an existing technique showed comparable true positive rates and a reduction of up to 3.4% in false positive rates, thus affirming our objective of reducing the misclassification of legitimate webpages without sacrificing the phishing detection performance. The proposed hybrid identity-based technique is proven to be a significant and practical contribution that will enrich the anti-phishing community with improved defence strategies against rapidly evolving phishing schemes.

Original language	English
Article number	119723
Pages (from-to)	1-16
Number of pages	16
Journal	Expert Systems with Applications
Volume	220
DOIs	https://doi.org/10.1016/j.eswa.2023.119723
Publication status	E-pub ahead of print - 23 Feb 2023

Access to Document

10.1016/j.eswa.2023.119723

Cite this

@article{c3d0af48d0f94936bff5cceb108eadea,

title = "Hybrid phishing detection using joint visual and textual identity",

abstract = "In recent years, phishing attacks have evolved considerably, causing existing adversarial features that were widely utilised for detecting phishing websites to become less discriminative. These developments have fuelled growing interests among security researchers towards an anti-phishing strategy known as the identity-based detection technique. Identity-based detection techniques have consistently achieved high true positive rates in a rapidly changing phishing landscape, owing to its capitalisation on fundamental brand identity relations that are inherent in most legitimate webpages. However, existing identity-based techniques often suffer higher false positive rates due to complexities and challenges in establishing the webpage{\textquoteright}s brand identity. To close the existing performance gap, this paper proposes a new hybrid identity-based phishing detection technique that leverages webpage visual and textual identity. Extending earlier anti-phishing work based on the website logo as visual identity, our method incorporates novel image features that mimic human vision to enhance the logo detection accuracy. The proposed hybrid technique integrates the visual identity with a textual identity, namely, brand-specific keywords derived from the webpage content using textual analysis methods. We empirically demonstrated on multiple benchmark datasets that this joint visual-textual identity detection approach significantly improves phishing detection performance with an overall accuracy of 98.6%. Benchmarking results against an existing technique showed comparable true positive rates and a reduction of up to 3.4% in false positive rates, thus affirming our objective of reducing the misclassification of legitimate webpages without sacrificing the phishing detection performance. The proposed hybrid identity-based technique is proven to be a significant and practical contribution that will enrich the anti-phishing community with improved defence strategies against rapidly evolving phishing schemes.",

keywords = "Brand names, Computer vision, Logo detection, Phishing detection, Web security, Website identity",

author = "Tan, {Choon Lin} and Chiew, {Kang Leng} and Yong, {Kelvin S. C.} and Yakub Sebastian and Than, {Joel Chia Ming} and Tiong, {Wei King}",

note = "Funding Information: The funding for this project is made possible through the research grant obtained from UNIMAS, Malaysia under the Dana Pelajar PhD [Grant No: F08/DPP/1649/2018 ]. This work is also supported by the Sarawak Foundation Tun Taib Scholarship Scheme, Malaysia . Publisher Copyright: {\textcopyright} 2023 Elsevier Ltd",

year = "2023",

month = feb,

day = "23",

doi = "10.1016/j.eswa.2023.119723",

language = "English",

volume = "220",

pages = "1--16",

journal = "Expert Systems with Applications",

issn = "0957-4174",

publisher = "Elsevier",

}

TY - JOUR

T1 - Hybrid phishing detection using joint visual and textual identity

AU - Tan, Choon Lin

AU - Chiew, Kang Leng

AU - Yong, Kelvin S. C.

AU - Sebastian, Yakub

AU - Than, Joel Chia Ming

AU - Tiong, Wei King

N1 - Funding Information: The funding for this project is made possible through the research grant obtained from UNIMAS, Malaysia under the Dana Pelajar PhD [Grant No: F08/DPP/1649/2018 ]. This work is also supported by the Sarawak Foundation Tun Taib Scholarship Scheme, Malaysia . Publisher Copyright: © 2023 Elsevier Ltd

PY - 2023/2/23

Y1 - 2023/2/23

N2 - In recent years, phishing attacks have evolved considerably, causing existing adversarial features that were widely utilised for detecting phishing websites to become less discriminative. These developments have fuelled growing interests among security researchers towards an anti-phishing strategy known as the identity-based detection technique. Identity-based detection techniques have consistently achieved high true positive rates in a rapidly changing phishing landscape, owing to its capitalisation on fundamental brand identity relations that are inherent in most legitimate webpages. However, existing identity-based techniques often suffer higher false positive rates due to complexities and challenges in establishing the webpage’s brand identity. To close the existing performance gap, this paper proposes a new hybrid identity-based phishing detection technique that leverages webpage visual and textual identity. Extending earlier anti-phishing work based on the website logo as visual identity, our method incorporates novel image features that mimic human vision to enhance the logo detection accuracy. The proposed hybrid technique integrates the visual identity with a textual identity, namely, brand-specific keywords derived from the webpage content using textual analysis methods. We empirically demonstrated on multiple benchmark datasets that this joint visual-textual identity detection approach significantly improves phishing detection performance with an overall accuracy of 98.6%. Benchmarking results against an existing technique showed comparable true positive rates and a reduction of up to 3.4% in false positive rates, thus affirming our objective of reducing the misclassification of legitimate webpages without sacrificing the phishing detection performance. The proposed hybrid identity-based technique is proven to be a significant and practical contribution that will enrich the anti-phishing community with improved defence strategies against rapidly evolving phishing schemes.

AB - In recent years, phishing attacks have evolved considerably, causing existing adversarial features that were widely utilised for detecting phishing websites to become less discriminative. These developments have fuelled growing interests among security researchers towards an anti-phishing strategy known as the identity-based detection technique. Identity-based detection techniques have consistently achieved high true positive rates in a rapidly changing phishing landscape, owing to its capitalisation on fundamental brand identity relations that are inherent in most legitimate webpages. However, existing identity-based techniques often suffer higher false positive rates due to complexities and challenges in establishing the webpage’s brand identity. To close the existing performance gap, this paper proposes a new hybrid identity-based phishing detection technique that leverages webpage visual and textual identity. Extending earlier anti-phishing work based on the website logo as visual identity, our method incorporates novel image features that mimic human vision to enhance the logo detection accuracy. The proposed hybrid technique integrates the visual identity with a textual identity, namely, brand-specific keywords derived from the webpage content using textual analysis methods. We empirically demonstrated on multiple benchmark datasets that this joint visual-textual identity detection approach significantly improves phishing detection performance with an overall accuracy of 98.6%. Benchmarking results against an existing technique showed comparable true positive rates and a reduction of up to 3.4% in false positive rates, thus affirming our objective of reducing the misclassification of legitimate webpages without sacrificing the phishing detection performance. The proposed hybrid identity-based technique is proven to be a significant and practical contribution that will enrich the anti-phishing community with improved defence strategies against rapidly evolving phishing schemes.

KW - Brand names

KW - Computer vision

KW - Logo detection

KW - Phishing detection

KW - Web security

KW - Website identity

UR - http://www.scopus.com/inward/record.url?scp=85148539454&partnerID=8YFLogxK

U2 - 10.1016/j.eswa.2023.119723

DO - 10.1016/j.eswa.2023.119723

M3 - Article

SN - 0957-4174

VL - 220

SP - 1

EP - 16

JO - Expert Systems with Applications

JF - Expert Systems with Applications

M1 - 119723

ER -

Hybrid phishing detection using joint visual and textual identity

Abstract

Access to Document

Other files and links

Fingerprint

Cite this