Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach presented at USENIX Security 2022

by Ruofan Liu, Yun Lin, Xianglin Ng,

Tags: Web Security III: Bots & Authentication


Summary : Explainable phishing detection approaches are usually based on references, i.e., they compare a suspicious webpage against a reference list of commonly targeted legitimate brands' webpages. If a webpage is detected as similar to any referenced website but their domains are not aligned, a phishing alert is raised with an explanation comprising its targeted brand. In comparison to other techniques, such explainable reference-based solutions are more robust to ever-changing phishing webpages. However, the webpage similarity is still measured by representations conveying only partial intentions (e.g., screenshot and logo), which (i) incurs considerable false positives and (ii) gives an adversary opportunities to compromise user confidence in the approaches.