| Phishing is an online identity fraud that steals users’ personal and financial information, such as usernames, passwords, credit card numbers, ATM numbers, PIN numbers and so on, to obtain economic benefits by masquerading as trustworthy organizations in electronic communication. Phishing attacks have increased rapidly with the widespread use of online trading, such as internet banking and e-commerce, which has an extremely bad influence on people’s lives and has become a stumbling block in the development of e-commerce. Therefore, it is necessary to focus on anti-phishing research. Traditional anti-phishing schemes are based on blacklist and heuristics approaches. Blacklist-based methods, which examine new URLs against an up-to-date phishing database, are easy to implement and efficient, but are also more prone to false positives and false negatives, because it is difficult to keep the blacklists up to date given the dynamics of phishing. Heuristics-based methods, which demand prior knowledge of phishing signatures, training data and specific implementations, have a higher true positive rate (TPR) and lower false positive rate (FPR), but cannot adapt quickly to new phishing patterns. That is to say, both of the methods mentioned above respond slowly to new phishing attacks. Moreover, due to the complexity of phishing, anti-phishing schemes based on a single detection technique do not reach the desired effect. Last but not least, most published anti-phishing algorithms are mainly based on the PC terminal and do not take system resources into account in the design of the scheme, which degrades users’ internet experience. In addition, such schemes are not available for resource-limited platforms, such as mobile terminals. 
Therefore, how to detect phishing effectively and efficiently is a challenge. In order to solve the above problems, this paper proposes a multi-level phishing detection scheme designed from the perspective of effectiveness and efficiency, which can be applied to detect phishing on both PC terminals and mobile terminals. Finally, we develop and deploy our anti-phishing system on Android, the smart-terminal operating system with the fastest-growing market. The innovations of our work are in the following areas: Firstly, we introduce a fast phishing detection method that simulates the login process. A phishing site has a login page, but does not set a login barrier, in order to obtain users’ personal information. That means all reasonable inputs will be considered a legitimate login. With this knowledge, we can quickly recognize web pages that allow login with different passwords under one username as phishing, which largely reduces the detection burden on the system. Then, we introduce a method of logo identification based on visual similarity comparison. A logo is an important graphic sign of an organization, and thus can accurately indicate the claimed identity. As a general rule, the logo is highlighted on a phishing site to achieve a visual deception effect. So we can extract the logo file and perform partial web page visual similarity comparison, which makes identification and detection more accurate than the traditional full web page visual similarity, to find the inconsistency between the claimed identity and the site’s own identity. Finally, in order to further improve efficiency and enhance robustness, a multi-level detection architecture is introduced. In this architecture, we place the simple, fast-responding detection algorithms first, trying to identify phishing with the minimum system cost. |
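
The cascade described in the abstract, as an added Python example that is not the thesis's implementation: a cheap login-simulation level runs first and the logo comparison runs only if that level is inconclusive. Assumptions: the `submit` callback stands in for posting a login form, the 4x4 grayscale grids stand in for extracted logo files, an average hash stands in for the unspecified visual-similarity measure, and `ExampleBank` and all hostnames are constructed.

```python
import secrets
from urllib.parse import urlparse

# Constructed sample data: a 4x4 grayscale "logo" and the brand's real domain.
BANK_LOGO = [[0, 0, 255, 255], [0, 0, 255, 255], [255, 255, 0, 0], [255, 255, 0, 0]]
KNOWN_LOGOS = {"ExampleBank": (BANK_LOGO, "examplebank.test")}

def accept_any(username, password):       # constructed page with no login barrier
    return True

def check_password(username, password):   # constructed page that really validates
    return password == "correct-horse"

def login_probe(submit, username="probe_user", tries=3):
    """Level 1: several random passwords all accepted for one username."""
    return all(submit(username, secrets.token_hex(8)) for _ in range(tries))

def average_hash(pixels):
    """One bit per pixel: 1 if brighter than the mean of the grid."""
    flat = [p for row in pixels for p in row]
    mean = sum(flat) / len(flat)
    return [int(p > mean) for p in flat]

def logo_brand(pixels, known_logos, max_distance=2):
    """Level 2 helper: closest known logo within a Hamming-distance budget."""
    probe, best = average_hash(pixels), None
    for brand, (ref, domain) in known_logos.items():
        dist = sum(a != b for a, b in zip(probe, average_hash(ref)))
        if dist <= max_distance and (best is None or dist < best[0]):
            best = (dist, brand, domain)
    return best

def classify(url, submit, logo_pixels, known_logos):
    """Run the cheapest check first and stop at the first decisive level."""
    if login_probe(submit):
        return ("phishing", "level 1: accepts arbitrary passwords")
    match = logo_brand(logo_pixels, known_logos)
    if match:
        _, brand, domain = match
        host = urlparse(url).hostname or ""
        # Claimed identity (logo) must agree with the page's own identity (host).
        if host != domain and not host.endswith("." + domain):
            return ("phishing", f"level 2: {brand} logo on {host}")
    return ("no verdict", "passed both levels")
```

A "no verdict" result only means neither level fired; it is not a statement that the page is legitimate.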