Defending users against fraudulent Websites (i.e., phishing) is a task that is reactive in practice. Blacklists, spam filters, and takedowns all depend on first finding new sites and verifying that they are fraudulent. In this paper we explore an alternative approach that uses a combination of computer-vision techniques to proactively identify likely phishing pages as they are rendered, interactive queries to validate such pages with brand holders, and a single keyboard-entry filter to minimize false positives. We have developed a prototype version of this approach within the Firefox browser and we provide a preliminary evaluation of both the underlying technology (the accuracy and performance of logo recognition in Web pages) as well as its effectiveness in controlled small-scale user studies. While no such approach is perfect, our results demonstrate that this technique offers a significant new capability for minimizing response time in combating a wide range of phishing scams.
The authors of these documents have submitted their reports to this technical report series for the purpose of non-commercial dissemination of scientific work. The reports are copyrighted by the authors, and their existence in electronic format does not imply that the authors have relinquished any rights. You may copy a report for scholarly, non-commercial purposes, such as research or instruction, provided that you agree to respect the author's copyright. For information concerning the use of this document for other than research or instructional purposes, contact the authors. Other information concerning this technical report series can be obtained from the Computer Science and Engineering Department at the University of California at San Diego, firstname.lastname@example.org.
[ Search ]