DIAHPhish: Uma solução baseada em Redes Neurais Siamesas para detecção de ataques homográficos em páginas phishing direcionadas
Abstract
Phishing is one of the most popular mechanisms for applying virtual scams in activity. Much of the effectiveness of phishing attacks lies in their ability to trick the user into convincing them that they are accessing a genuine service. For such a function, a significant portion of the attacks explore the application of homographic terms to check the reliability of the attack. In this scenario, the study proposes an autonomous approach, based on an LSTM recurrent Siamese neural network, capable of identifying the presence of homographic terms in parts of the URL and content of phishing pages. As a result, the proposed model proved to be highly efficient in detecting malicious terms, reaching an average assertiveness rate of more than 99.50%.
References
Ahmad, I., Parvez, M. A., and Iqbal, A. (2019). Typowriter: A tool to prevent typosquatting. In 2019 IEEE 43rd COMPSAC, volume 1, pages 423–432.
Buber, E., Demir, O., and Sahingoz, O. K. (2017). Feature selections for the machine learning based detection of phishing websites. In 2017 International Artificial Intelligence and Data Processing Symposium (IDAP), pages 1–5.
Chiba, D., Akiyama, M., Yagi, T., Hato, K., Mori, T., and Goto, S. (2018). Domainchroma: Building actionable threat intelligence from malicious domain names. Computers & Security, 77:138–161.
Dam, T., Klausner, L. D., Buhov, D., and Schrittwieser, S. (2019). Large-scale analysis of pop-up scam on typosquatting urls. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES ’19. ACM.
Gilwit, D. (2003). The latest cybersquatting trend: Typosquatters, their changing tactics, and how to prevent public deception and trademark infringement. The Journal of Law and Policy.
Le Pochat, V., Van Goethem, T., and Joosen, W. (2019). A smörgåsbord of typos: Exploring international keyboard layout typosquatting. In 2019 IEEE Security and Privacy Workshops (SPW), pages 187–192.
Liu, T., Zhang, Y., Shi, J., Jing, Y., Li, Q., and Guo, L. (2016). Towards quantifying visual similarity of domain names for combating typosquatting abuse. In MILCOM 2016 - 2016 IEEE Military Communications Conference, pages 770–775.
Moubayed, A., Injadat, M., Shami, A., and Lutfiyya, H. (2018). Dns typo-squatting domain detection: A data analytics & machine learning based approach. In 2018 IEEE Global Communications Conference (GLOBECOM), page 1–7. IEEE.
Piredda, P., Ariu, D., Biggio, B., Corona, I., Piras, L., Giacinto, G., and Roli, F. (2017). Deepsquatting: Learning-based typosquatting detection at deeper domain levels. In Conference of the Italian Association for Artificial Intelligence, pages 347–358.
Quinkert, F., Lauinger, T., Robertson, W., Kirda, E., and Holz, T. (2019). It’s not what it looks like: Measuring attacks and defensive registrations of homograph domains. In 2019 IEEE Conference on Communications and Network Security (CNS).
Spaulding, J., Nyang, D., and Mohaisen, A. (2017). Understanding the effectiveness of typosquatting techniques. In Proceedings of the Fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb ’17. ACM.
Spaulding, J., Upadhyaya, S., and Mohaisen, A. (2016). The landscape of domain name typosquatting: Techniques and countermeasures. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 284–289.
Tahir, R., Raza, A., Ahmad, F., Kazi, J., Zaffar, F., Kanich, C., and Caesar, M. (2018). It’s all in the name: Why some urls are more vulnerable to typosquatting. In IEEE INFOCOM 2018 IEEE Conference on Computer Communications, pages 2618–2626.
Teixeira, L., Silva, C., Fernandes, B., Oliveira, J., Feitosa, E., Filho, G. C., Arcoverde, H., and Garcia, V. (2021). Uma avaliação de comportamentos homográficos em ataques de phishing direcionados que exploram a suscetibilidade pela fidedignidade e sazonalidade. In Anais do XXI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 253–266, Porto Alegre, RS, Brasil. SBC.
Ya, J., Liu, T., Li, Q., Lv, P., Shi, J., and Guo, L. (2018). Fast and accurate typosquatting domains evaluation with siamese networks. In MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), pages 58–63.
Zhu, W., Yao, T., Ni, J., Wei, B., and Lu, Z. (2018). Dependency-based siamese long short-term memory network for learning sentence representations. PLOS ONE, 13(3):1–14.
Buber, E., Demir, O., and Sahingoz, O. K. (2017). Feature selections for the machine learning based detection of phishing websites. In 2017 International Artificial Intelligence and Data Processing Symposium (IDAP), pages 1–5.
Chiba, D., Akiyama, M., Yagi, T., Hato, K., Mori, T., and Goto, S. (2018). Domainchroma: Building actionable threat intelligence from malicious domain names. Computers & Security, 77:138–161.
Dam, T., Klausner, L. D., Buhov, D., and Schrittwieser, S. (2019). Large-scale analysis of pop-up scam on typosquatting urls. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES ’19. ACM.
Gilwit, D. (2003). The latest cybersquatting trend: Typosquatters, their changing tactics, and how to prevent public deception and trademark infringement. The Journal of Law and Policy.
Le Pochat, V., Van Goethem, T., and Joosen, W. (2019). A smörgåsbord of typos: Exploring international keyboard layout typosquatting. In 2019 IEEE Security and Privacy Workshops (SPW), pages 187–192.
Liu, T., Zhang, Y., Shi, J., Jing, Y., Li, Q., and Guo, L. (2016). Towards quantifying visual similarity of domain names for combating typosquatting abuse. In MILCOM 2016 - 2016 IEEE Military Communications Conference, pages 770–775.
Moubayed, A., Injadat, M., Shami, A., and Lutfiyya, H. (2018). Dns typo-squatting domain detection: A data analytics & machine learning based approach. In 2018 IEEE Global Communications Conference (GLOBECOM), page 1–7. IEEE.
Piredda, P., Ariu, D., Biggio, B., Corona, I., Piras, L., Giacinto, G., and Roli, F. (2017). Deepsquatting: Learning-based typosquatting detection at deeper domain levels. In Conference of the Italian Association for Artificial Intelligence, pages 347–358.
Quinkert, F., Lauinger, T., Robertson, W., Kirda, E., and Holz, T. (2019). It’s not what it looks like: Measuring attacks and defensive registrations of homograph domains. In 2019 IEEE Conference on Communications and Network Security (CNS).
Spaulding, J., Nyang, D., and Mohaisen, A. (2017). Understanding the effectiveness of typosquatting techniques. In Proceedings of the Fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb ’17. ACM.
Spaulding, J., Upadhyaya, S., and Mohaisen, A. (2016). The landscape of domain name typosquatting: Techniques and countermeasures. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 284–289.
Tahir, R., Raza, A., Ahmad, F., Kazi, J., Zaffar, F., Kanich, C., and Caesar, M. (2018). It’s all in the name: Why some urls are more vulnerable to typosquatting. In IEEE INFOCOM 2018 IEEE Conference on Computer Communications, pages 2618–2626.
Teixeira, L., Silva, C., Fernandes, B., Oliveira, J., Feitosa, E., Filho, G. C., Arcoverde, H., and Garcia, V. (2021). Uma avaliação de comportamentos homográficos em ataques de phishing direcionados que exploram a suscetibilidade pela fidedignidade e sazonalidade. In Anais do XXI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 253–266, Porto Alegre, RS, Brasil. SBC.
Ya, J., Liu, T., Li, Q., Lv, P., Shi, J., and Guo, L. (2018). Fast and accurate typosquatting domains evaluation with siamese networks. In MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), pages 58–63.
Zhu, W., Yao, T., Ni, J., Wei, B., and Lu, Z. (2018). Dependency-based siamese long short-term memory network for learning sentence representations. PLOS ONE, 13(3):1–14.
Published
2023-09-18
How to Cite
TEIXEIRA, Lucas C.; FERNANDES, Bruno J. T.; SILVA, Carlos M. R.; BARROS, Julio C. G..
DIAHPhish: Uma solução baseada em Redes Neurais Siamesas para detecção de ataques homográficos em páginas phishing direcionadas. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 23. , 2023, Juiz de Fora/MG.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
p. 376-389.
DOI: https://doi.org/10.5753/sbseg.2023.232859.
