Data-centric phishing detection based on transparent virtualization technologies

Submitted by BrandonB on Thu, 04/30/2015 - 1:47pm

Title	Data-centric phishing detection based on transparent virtualization technologies
Publication Type	Conference Paper
Year of Publication	2014
Authors	Biedermann, S., Ruppenthal, T., Katzenbeisser, S.
Conference Name	Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on
Date Published	July
Keywords	antiphishing solution, Browsers, cloud, cloud computing, color-based fingerprint extraction, color-based fingerprint filtering, color-based fingerprint scaling, component isolation, Computer architecture, Computer crime, data mining, data-centric phishing detection, Detectors, human perceptual similarity, Image color analysis, Malware, man-in-the-browser attack, MitB attack, online front-ends, phishing attacks, spoofed Web pages, transparent virtualization technologies, virtual machines, virtualisation, VM introspection, VMI, Web pages, Web sites
Abstract	We propose a novel phishing detection architecture based on transparent virtualization technologies and isolation of the own components. The architecture can be deployed as a security extension for virtual machines (VMs) running in the cloud. It uses fine-grained VM introspection (VMI) to extract, filter and scale a color-based fingerprint of web pages which are processed by a browser from the VM's memory. By analyzing the human perceptual similarity between the fingerprints, the architecture can reveal and mitigate phishing attacks which are based on redirection to spoofed web pages and it can also detect "Man-in-the-Browser" (MitB) attacks. To the best of our knowledge, the architecture is the first anti-phishing solution leveraging virtualization technologies. We explain details about the design and the implementation and we show results of an evaluation with real-world data.
DOI	10.1109/PST.2014.6890942
Citation Key	6890942

Groups:

Science of Security VO