Hybrid phishing detection using joint visual and textual identity

• Published in: Expert systems with applications Vol. 220; p. 119723
• Main Authors: Tan, Colin Choon Lin, Chiew, Kang Leng, Yong, Kelvin S.C., Sebastian, Yakub, Than, Joel Chia Ming, Tiong, Wei King
• Format: Journal Article
• Language: English
• Published: Elsevier Ltd 15.06.2023
• Subjects: Brand names; Computer vision; Logo detection; Phishing detection; Web security; Website identity; Logo detection; Brand names; Computer vision; Web security; Phishing detection; Website identity
• ISSN: 0957-4174; 1873-6793
• DOI: 10.1016/j.eswa.2023.119723

In recent years, phishing attacks have evolved considerably, causing existing adversarial features that were widely utilised for detecting phishing websites to become less discriminative. These developments have fuelled growing interests among security researchers towards an anti-phishing strategy known as the identity-based detection technique. Identity-based detection techniques have consistently achieved high true positive rates in a rapidly changing phishing landscape, owing to its capitalisation on fundamental brand identity relations that are inherent in most legitimate webpages. However, existing identity-based techniques often suffer higher false positive rates due to complexities and challenges in establishing the webpage’s brand identity. To close the existing performance gap, this paper proposes a new hybrid identity-based phishing detection technique that leverages webpage visual and textual identity. Extending earlier anti-phishing work based on the website logo as visual identity, our method incorporates novel image features that mimic human vision to enhance the logo detection accuracy. The proposed hybrid technique integrates the visual identity with a textual identity, namely, brand-specific keywords derived from the webpage content using textual analysis methods. We empirically demonstrated on multiple benchmark datasets that this joint visual-textual identity detection approach significantly improves phishing detection performance with an overall accuracy of 98.6%. Benchmarking results against an existing technique showed comparable true positive rates and a reduction of up to 3.4% in false positive rates, thus affirming our objective of reducing the misclassification of legitimate webpages without sacrificing the phishing detection performance. The proposed hybrid identity-based technique is proven to be a significant and practical contribution that will enrich the anti-phishing community with improved defence strategies against rapidly evolving phishing schemes. •Remain sustainable against evolving phishing threats by using identity-based method.•Achieve reduced false positives thus improving practicality of proposed solution.•Leverage hybrid identities to attain robustness across diverse range of websites.•Exploit novel image features based on human vision to enhance website logo detection.•Enrich website visual analysis via active browser rendering and DOM manipulation.