AJNA : anti-phishing JS-based visual analysis, to mitigate users' excessive trust in SSL/TLS - Archive ouverte HAL Accéder directement au contenu
Communication Dans Un Congrès Année : 2016

AJNA : anti-phishing JS-based visual analysis, to mitigate users' excessive trust in SSL/TLS

Résumé

HTTPS websites are often considered safe by the users, due to the use of the SSL/TLS protocol. As a consequence phishing web pages delivered via this protocol benefit from that higher level of trust as well. In this paper, we assessed the relevance of heuristics such as the certificate information, the SSL/TLS protocol version and cipher-suite chosen by the servers, in the identification of phishing websites. We concluded that they were not discriminant enough, due to the close profiles of phishing and legitimate sites. Moreover, considering phishing pages hosted on cloud service platform or hacked domains, we identified that the users could easily be fooled by the certificate presented, since it would belong to the rightful owner of the website. Hence, we further examined HTTPS phishing websites hosted on hacked domains, in order to propose a detection method based on their visual identities. Indeed, the presence of a parasitic page on a domain is a disruption to the overall visual coherence of the original site. By designing an intelligent perception system responsible for extracting and comparing these divergent render- ings, we were able to spot phishing pages with an accuracy of 87% to 92%
Fichier principal
Vignette du fichier
mensah_badgers15_authorcr.pdf (326.24 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01453228 , version 1 (02-02-2017)

Identifiants

Citer

Pernelle Mensah, Gregory Blanc, Kazuya Okada, Daisuke Miyamoto, Youki Kadobayashi. AJNA : anti-phishing JS-based visual analysis, to mitigate users' excessive trust in SSL/TLS. BADGERS 2015 : 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Nov 2015, Kyoto, Japan. pp.74 - 84, ⟨10.1109/BADGERS.2015.019⟩. ⟨hal-01453228⟩
127 Consultations
1247 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More