Utilisation of website logo for phishing detection
Phishing is a security threat which combines social engineering and website spoofing techniques to deceive users into revealing confidential information. In this paper, we propose a phishing detection method to protect Internet users from the phishing attacks. In particular, given a website, our pro...
Saved in:
Main Authors: | , , , |
---|---|
Format: | E-Article |
Published: |
Elsevier Ltd
2015
|
Subjects: | |
Online Access: | http://ir.unimas.my/id/eprint/12739/ https://www.scopus.com/record/display.uri?eid=2-s2.0-84949623528&origin=inward&txGid=0 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
my.unimas.ir.12739 |
---|---|
record_format |
eprints |
spelling |
my.unimas.ir.127392016-08-01T07:56:27Z http://ir.unimas.my/id/eprint/12739/ Utilisation of website logo for phishing detection Chiew, K.L. Chang, E.H. Sze, S.N. Tiong, W.K. T Technology (General) Phishing is a security threat which combines social engineering and website spoofing techniques to deceive users into revealing confidential information. In this paper, we propose a phishing detection method to protect Internet users from the phishing attacks. In particular, given a website, our proposed method will be able to detect if it is a phishing website. We use a logo image to determine the identity consistency between the real and the portrayed identity of a website. Consistent identity indicates a legitimate website and inconsistent identity indicates a phishing website. The proposed method consists of two processes, namely logo extraction and identity verification. The first process will detect and extract the logo image from all the downloaded image resources of a webpage. In order to detect the right logo image, we utilise a machine learning technique. Based on the extracted logo image, the second process will employ the Google image search to retrieve the portrayed identity. Since the relationship between the logo and domain name is exclusive, it is reasonable to treat the domain name as the identity. Hence, a comparison between the domain name returned by Google with the one from the query website will enable us to differentiate a phishing from a legitimate website. The conducted experiments show reliable and promising results. This proves the effectiveness and feasibility of using a graphical element such as a logo to detect a phishing website. Elsevier Ltd 2015 E-Article PeerReviewed Chiew, K.L. and Chang, E.H. and Sze, S.N. and Tiong, W.K. (2015) Utilisation of website logo for phishing detection. Computers and Security, 54. pp. 16-26. ISSN 0167-4048 https://www.scopus.com/record/display.uri?eid=2-s2.0-84949623528&origin=inward&txGid=0 DOI: 10.1016/j.cose.2015.07.006 |
institution |
Universiti Malaysia Sarawak |
building |
Centre for Academic Information Services (CAIS) |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Malaysia Sarawak |
content_source |
UNIMAS Institutional Repository |
url_provider |
http://ir.unimas.my/ |
topic |
T Technology (General) |
spellingShingle |
T Technology (General) Chiew, K.L. Chang, E.H. Sze, S.N. Tiong, W.K. Utilisation of website logo for phishing detection |
description |
Phishing is a security threat which combines social engineering and website spoofing techniques to deceive users into revealing confidential information. In this paper, we propose a phishing detection method to protect Internet users from the phishing attacks. In particular, given a website, our proposed method will be able to detect if it is a phishing website. We use a logo image to determine the identity consistency between the real and the portrayed identity of a website. Consistent identity indicates a legitimate website and inconsistent identity indicates a phishing website. The proposed method consists of two processes, namely logo extraction and identity verification. The first process will detect and extract the logo image from all the downloaded image resources of a webpage. In order to detect the right logo image, we utilise a machine learning technique. Based on the extracted logo image, the second process will employ the Google image search to retrieve the portrayed identity. Since the relationship between the logo and domain name is exclusive, it is reasonable to treat the domain name as the identity. Hence, a comparison between the domain name returned by Google with the one from the query website will enable us to differentiate a phishing from a legitimate website. The conducted experiments show reliable and promising results. This proves the effectiveness and feasibility of using a graphical element such as a logo to detect a phishing website. |
format |
E-Article |
author |
Chiew, K.L. Chang, E.H. Sze, S.N. Tiong, W.K. |
author_facet |
Chiew, K.L. Chang, E.H. Sze, S.N. Tiong, W.K. |
author_sort |
Chiew, K.L. |
title |
Utilisation of website logo for phishing detection |
title_short |
Utilisation of website logo for phishing detection |
title_full |
Utilisation of website logo for phishing detection |
title_fullStr |
Utilisation of website logo for phishing detection |
title_full_unstemmed |
Utilisation of website logo for phishing detection |
title_sort |
utilisation of website logo for phishing detection |
publisher |
Elsevier Ltd |
publishDate |
2015 |
url |
http://ir.unimas.my/id/eprint/12739/ https://www.scopus.com/record/display.uri?eid=2-s2.0-84949623528&origin=inward&txGid=0 |
_version_ |
1644511495242907648 |
score |
13.211869 |