The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
피싱 웹사이트를 탐지하는 것은 필수적입니다. 여러 탐지 방식 중에서 유망한 방식은 시각적 유사성 기반 접근 방식입니다. 그 중에서 서명이라 불리는 표적화된 합법적인 웹사이트의 시각적 특징은 시스템 관리자에 의해 SDB(Signature Database)에 저장됩니다. SDB의 서명과 매우 유사한 서명을 가진 피싱 웹사이트만 탐지할 수 있습니다. 따라서 시스템 관리자는 다양한 피싱 웹사이트를 탐지하기 위해 다수의 서명을 등록해야 하며 그 비용은 매우 높다. 이로 인해 제로데이 피싱 공격의 취약점이 발생합니다. 이 문제를 해결하려면 자동 서명 업데이트 메커니즘이 필요합니다. SDB 자동 업데이트의 순진한 방법은 탐지된 피싱 웹사이트의 서명을 SDB에 추가하여 탐지 범위를 확장하는 것입니다. 그러나 이전 접근 방식은 대상으로 삼은 합법적인 웹사이트와 해당 합법적인 웹사이트를 대상으로 하는 피싱 웹사이트의 아종 간에 유사성이 매우 다를 수 있으므로 자동 업데이트에 적합하지 않습니다. 게다가 이전 서명은 공격자가 쉽게 조작할 수 있습니다. 위에서 언급한 문제점을 극복하기 위해 본 논문에서는 제로데이 공격에 대한 내성을 갖춘 시각적 유사성 기반 피싱 탐지를 위한 색상 시그니처 자동 업데이트 시스템을 제안한다. 특정 합법적인 웹사이트를 표적으로 삼는 피싱 웹사이트는 대상 웹사이트의 테마 색상을 사용하여 사용자를 속이는 경향이 있습니다. 즉, 사용자는 피싱 웹사이트의 색상 정보가 합법적인 타겟 웹사이트와 크게 다른 경우(예: 빨간색인 Facebook은 의심스러운 경우) 쉽게 구별할 수 있습니다. 따라서 Hue 시그니처는 표적이 된 합법적인 웹사이트와 피싱 웹사이트의 아종 간에 공통적인 특징을 가지고 있어 공격자가 이를 변경하기가 어렵습니다. 이러한 개념을 바탕으로 우리는 Hue 서명이 SDB 자동 업데이트 및 공격자의 조작에 대한 견고성에 대한 요구 사항을 충족한다고 주장합니다. 이러한 공통성은 색상 서명에 자동 업데이트가 적용될 때 감지 범위를 효과적으로 확장할 수 있습니다. 실제 데이터 세트를 사용한 컴퓨터 시뮬레이션을 통해 우리 시스템이 이전 방식에 비해 높은 탐지 성능을 달성한다는 것을 보여줍니다.
Shuichiro HARUTA
Keio University
Hiromu ASAHINA
Keio University
Fumitaka YAMAZAKI
Keio University
Iwao SASASE
Keio University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
부
Shuichiro HARUTA, Hiromu ASAHINA, Fumitaka YAMAZAKI, Iwao SASASE, "Hue Signature Auto Update System for Visual Similarity-Based Phishing Detection with Tolerance to Zero-Day Attack" in IEICE TRANSACTIONS on Information,
vol. E102-D, no. 12, pp. 2461-2471, December 2019, doi: 10.1587/transinf.2019EDP7079.
Abstract: Detecting phishing websites is imperative. Among several detection schemes, the promising ones are the visual similarity-based approaches. In those, targeted legitimate website's visual features referred to as signatures are stored in SDB (Signature Database) by the system administrator. They can only detect phishing websites whose signatures are highly similar to SDB's one. Thus, the system administrator has to register multiple signatures to detect various phishing websites and that cost is very high. This incurs the vulnerability of zero-day phishing attack. In order to address this issue, an auto signature update mechanism is needed. The naive way of auto updating SDB is expanding the scope of detection by adding detected phishing website's signature to SDB. However, the previous approaches are not suitable for auto updating since their similarity can be highly different among targeted legitimate website and subspecies of phishing website targeting that legitimate website. Furthermore, the previous signatures can be easily manipulated by attackers. In order to overcome the problems mentioned above, in this paper, we propose a hue signature auto update system for visual similarity-based phishing detection with tolerance to zero-day attack. The phishing websites targeting certain legitimate website tend to use the targeted website's theme color to deceive users. In other words, the users can easily distinguish phishing website if it has highly different hue information from targeted legitimate one (e.g. red colored Facebook is suspicious). Thus, the hue signature has a common feature among the targeted legitimate website and subspecies of phishing websites, and it is difficult for attackers to change it. Based on this notion, we argue that the hue signature fulfills the requirements about auto updating SDB and robustness for attackers' manipulating. This commonness can effectively expand the scope of detection when auto updating is applied to the hue signature. By the computer simulation with a real dataset, we demonstrate that our system achieves high detection performance compared with the previous scheme.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019EDP7079/_p
부
@ARTICLE{e102-d_12_2461,
author={Shuichiro HARUTA, Hiromu ASAHINA, Fumitaka YAMAZAKI, Iwao SASASE, },
journal={IEICE TRANSACTIONS on Information},
title={Hue Signature Auto Update System for Visual Similarity-Based Phishing Detection with Tolerance to Zero-Day Attack},
year={2019},
volume={E102-D},
number={12},
pages={2461-2471},
abstract={Detecting phishing websites is imperative. Among several detection schemes, the promising ones are the visual similarity-based approaches. In those, targeted legitimate website's visual features referred to as signatures are stored in SDB (Signature Database) by the system administrator. They can only detect phishing websites whose signatures are highly similar to SDB's one. Thus, the system administrator has to register multiple signatures to detect various phishing websites and that cost is very high. This incurs the vulnerability of zero-day phishing attack. In order to address this issue, an auto signature update mechanism is needed. The naive way of auto updating SDB is expanding the scope of detection by adding detected phishing website's signature to SDB. However, the previous approaches are not suitable for auto updating since their similarity can be highly different among targeted legitimate website and subspecies of phishing website targeting that legitimate website. Furthermore, the previous signatures can be easily manipulated by attackers. In order to overcome the problems mentioned above, in this paper, we propose a hue signature auto update system for visual similarity-based phishing detection with tolerance to zero-day attack. The phishing websites targeting certain legitimate website tend to use the targeted website's theme color to deceive users. In other words, the users can easily distinguish phishing website if it has highly different hue information from targeted legitimate one (e.g. red colored Facebook is suspicious). Thus, the hue signature has a common feature among the targeted legitimate website and subspecies of phishing websites, and it is difficult for attackers to change it. Based on this notion, we argue that the hue signature fulfills the requirements about auto updating SDB and robustness for attackers' manipulating. This commonness can effectively expand the scope of detection when auto updating is applied to the hue signature. By the computer simulation with a real dataset, we demonstrate that our system achieves high detection performance compared with the previous scheme.},
keywords={},
doi={10.1587/transinf.2019EDP7079},
ISSN={1745-1361},
month={December},}
부
TY - JOUR
TI - Hue Signature Auto Update System for Visual Similarity-Based Phishing Detection with Tolerance to Zero-Day Attack
T2 - IEICE TRANSACTIONS on Information
SP - 2461
EP - 2471
AU - Shuichiro HARUTA
AU - Hiromu ASAHINA
AU - Fumitaka YAMAZAKI
AU - Iwao SASASE
PY - 2019
DO - 10.1587/transinf.2019EDP7079
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E102-D
IS - 12
JA - IEICE TRANSACTIONS on Information
Y1 - December 2019
AB - Detecting phishing websites is imperative. Among several detection schemes, the promising ones are the visual similarity-based approaches. In those, targeted legitimate website's visual features referred to as signatures are stored in SDB (Signature Database) by the system administrator. They can only detect phishing websites whose signatures are highly similar to SDB's one. Thus, the system administrator has to register multiple signatures to detect various phishing websites and that cost is very high. This incurs the vulnerability of zero-day phishing attack. In order to address this issue, an auto signature update mechanism is needed. The naive way of auto updating SDB is expanding the scope of detection by adding detected phishing website's signature to SDB. However, the previous approaches are not suitable for auto updating since their similarity can be highly different among targeted legitimate website and subspecies of phishing website targeting that legitimate website. Furthermore, the previous signatures can be easily manipulated by attackers. In order to overcome the problems mentioned above, in this paper, we propose a hue signature auto update system for visual similarity-based phishing detection with tolerance to zero-day attack. The phishing websites targeting certain legitimate website tend to use the targeted website's theme color to deceive users. In other words, the users can easily distinguish phishing website if it has highly different hue information from targeted legitimate one (e.g. red colored Facebook is suspicious). Thus, the hue signature has a common feature among the targeted legitimate website and subspecies of phishing websites, and it is difficult for attackers to change it. Based on this notion, we argue that the hue signature fulfills the requirements about auto updating SDB and robustness for attackers' manipulating. This commonness can effectively expand the scope of detection when auto updating is applied to the hue signature. By the computer simulation with a real dataset, we demonstrate that our system achieves high detection performance compared with the previous scheme.
ER -