DIAHPhish: Uma solução baseada em Redes Neurais Siamesas para detecção de ataques homográficos em páginas phishing direcionadas
Resumo
O phishing é um dos mecanismos mais populares para aplicar golpes virtuais em atividades. Grande parte da eficácia dos ataques de phishing reside na capacidade de enganar o usuário, convencendo-o de que está acessando um serviço legítimo. Para essa função, uma parte significativa dos ataques explora a aplicação de termos homográficos para verificar a confiabilidade do ataque. Nesse cenário, o estudo propõe uma abordagem autônoma, baseada em uma rede neural siamesa recorrente LSTM, capaz de identificar a presença de termos homográficos em partes da URL e conteúdo de páginas de phishing. Como resultado, o modelo proposto mostrou-se altamente eficiente na detecção de termos maliciosos, alcançando uma taxa de assertividade de mais de 99,50%.
Referências
Ahmad, I., Parvez, M. A., and Iqbal, A. (2019). Typowriter: A tool to prevent typosquatting. In 2019 IEEE 43rd COMPSAC, volume 1, pages 423–432.
Buber, E., Demir, O., and Sahingoz, O. K. (2017). Feature selections for the machine learning based detection of phishing websites. In 2017 International Artificial Intelligence and Data Processing Symposium (IDAP), pages 1–5.
Chiba, D., Akiyama, M., Yagi, T., Hato, K., Mori, T., and Goto, S. (2018). Domainchroma: Building actionable threat intelligence from malicious domain names. Computers & Security, 77:138–161.
Dam, T., Klausner, L. D., Buhov, D., and Schrittwieser, S. (2019). Large-scale analysis of pop-up scam on typosquatting urls. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES ’19. ACM.
Gilwit, D. (2003). The latest cybersquatting trend: Typosquatters, their changing tactics, and how to prevent public deception and trademark infringement. The Journal of Law and Policy.
Le Pochat, V., Van Goethem, T., and Joosen, W. (2019). A smörgåsbord of typos: Exploring international keyboard layout typosquatting. In 2019 IEEE Security and Privacy Workshops (SPW), pages 187–192.
Liu, T., Zhang, Y., Shi, J., Jing, Y., Li, Q., and Guo, L. (2016). Towards quantifying visual similarity of domain names for combating typosquatting abuse. In MILCOM 2016 - 2016 IEEE Military Communications Conference, pages 770–775.
Moubayed, A., Injadat, M., Shami, A., and Lutfiyya, H. (2018). Dns typo-squatting domain detection: A data analytics & machine learning based approach. In 2018 IEEE Global Communications Conference (GLOBECOM), page 1–7. IEEE.
Piredda, P., Ariu, D., Biggio, B., Corona, I., Piras, L., Giacinto, G., and Roli, F. (2017). Deepsquatting: Learning-based typosquatting detection at deeper domain levels. In Conference of the Italian Association for Artificial Intelligence, pages 347–358.
Quinkert, F., Lauinger, T., Robertson, W., Kirda, E., and Holz, T. (2019). It’s not what it looks like: Measuring attacks and defensive registrations of homograph domains. In 2019 IEEE Conference on Communications and Network Security (CNS).
Spaulding, J., Nyang, D., and Mohaisen, A. (2017). Understanding the effectiveness of typosquatting techniques. In Proceedings of the Fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb ’17. ACM.
Spaulding, J., Upadhyaya, S., and Mohaisen, A. (2016). The landscape of domain name typosquatting: Techniques and countermeasures. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 284–289.
Tahir, R., Raza, A., Ahmad, F., Kazi, J., Zaffar, F., Kanich, C., and Caesar, M. (2018). It’s all in the name: Why some urls are more vulnerable to typosquatting. In IEEE INFOCOM 2018 IEEE Conference on Computer Communications, pages 2618–2626.
Teixeira, L., Silva, C., Fernandes, B., Oliveira, J., Feitosa, E., Filho, G. C., Arcoverde, H., and Garcia, V. (2021). Uma avaliação de comportamentos homográficos em ataques de phishing direcionados que exploram a suscetibilidade pela fidedignidade e sazonalidade. In Anais do XXI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 253–266, Porto Alegre, RS, Brasil. SBC.
Ya, J., Liu, T., Li, Q., Lv, P., Shi, J., and Guo, L. (2018). Fast and accurate typosquatting domains evaluation with siamese networks. In MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), pages 58–63.
Zhu, W., Yao, T., Ni, J., Wei, B., and Lu, Z. (2018). Dependency-based siamese long short-term memory network for learning sentence representations. PLOS ONE, 13(3):1–14.
Buber, E., Demir, O., and Sahingoz, O. K. (2017). Feature selections for the machine learning based detection of phishing websites. In 2017 International Artificial Intelligence and Data Processing Symposium (IDAP), pages 1–5.
Chiba, D., Akiyama, M., Yagi, T., Hato, K., Mori, T., and Goto, S. (2018). Domainchroma: Building actionable threat intelligence from malicious domain names. Computers & Security, 77:138–161.
Dam, T., Klausner, L. D., Buhov, D., and Schrittwieser, S. (2019). Large-scale analysis of pop-up scam on typosquatting urls. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES ’19. ACM.
Gilwit, D. (2003). The latest cybersquatting trend: Typosquatters, their changing tactics, and how to prevent public deception and trademark infringement. The Journal of Law and Policy.
Le Pochat, V., Van Goethem, T., and Joosen, W. (2019). A smörgåsbord of typos: Exploring international keyboard layout typosquatting. In 2019 IEEE Security and Privacy Workshops (SPW), pages 187–192.
Liu, T., Zhang, Y., Shi, J., Jing, Y., Li, Q., and Guo, L. (2016). Towards quantifying visual similarity of domain names for combating typosquatting abuse. In MILCOM 2016 - 2016 IEEE Military Communications Conference, pages 770–775.
Moubayed, A., Injadat, M., Shami, A., and Lutfiyya, H. (2018). Dns typo-squatting domain detection: A data analytics & machine learning based approach. In 2018 IEEE Global Communications Conference (GLOBECOM), page 1–7. IEEE.
Piredda, P., Ariu, D., Biggio, B., Corona, I., Piras, L., Giacinto, G., and Roli, F. (2017). Deepsquatting: Learning-based typosquatting detection at deeper domain levels. In Conference of the Italian Association for Artificial Intelligence, pages 347–358.
Quinkert, F., Lauinger, T., Robertson, W., Kirda, E., and Holz, T. (2019). It’s not what it looks like: Measuring attacks and defensive registrations of homograph domains. In 2019 IEEE Conference on Communications and Network Security (CNS).
Spaulding, J., Nyang, D., and Mohaisen, A. (2017). Understanding the effectiveness of typosquatting techniques. In Proceedings of the Fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb ’17. ACM.
Spaulding, J., Upadhyaya, S., and Mohaisen, A. (2016). The landscape of domain name typosquatting: Techniques and countermeasures. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 284–289.
Tahir, R., Raza, A., Ahmad, F., Kazi, J., Zaffar, F., Kanich, C., and Caesar, M. (2018). It’s all in the name: Why some urls are more vulnerable to typosquatting. In IEEE INFOCOM 2018 IEEE Conference on Computer Communications, pages 2618–2626.
Teixeira, L., Silva, C., Fernandes, B., Oliveira, J., Feitosa, E., Filho, G. C., Arcoverde, H., and Garcia, V. (2021). Uma avaliação de comportamentos homográficos em ataques de phishing direcionados que exploram a suscetibilidade pela fidedignidade e sazonalidade. In Anais do XXI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 253–266, Porto Alegre, RS, Brasil. SBC.
Ya, J., Liu, T., Li, Q., Lv, P., Shi, J., and Guo, L. (2018). Fast and accurate typosquatting domains evaluation with siamese networks. In MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), pages 58–63.
Zhu, W., Yao, T., Ni, J., Wei, B., and Lu, Z. (2018). Dependency-based siamese long short-term memory network for learning sentence representations. PLOS ONE, 13(3):1–14.
Publicado
18/09/2023
Como Citar
TEIXEIRA, Lucas C.; FERNANDES, Bruno J. T.; SILVA, Carlos M. R.; BARROS, Julio C. G..
DIAHPhish: Uma solução baseada em Redes Neurais Siamesas para detecção de ataques homográficos em páginas phishing direcionadas. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 23. , 2023, Juiz de Fora/MG.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
p. 376-389.
DOI: https://doi.org/10.5753/sbseg.2023.232859.
