A phishing attack lures a victim to a website through deceptive email addresses or information. The website purports to be operated by a trusted entity, such as a bank or a social network, and the victim is induced to enter private information on the fake webpage. Phishing attacks can steal a victim's private information; furthermore, the stolen information can be used to intrude on enterprises, government departments, and other important organizations. Through an in-depth analysis of the phishing attack process and existing defense measures, this thesis identifies the problems in current anti-phishing technologies and proposes solutions from three aspects: detection technology, defense resource allocation, and user feedback incentive strategy. Firstly, phishing websites are often counterfeits of trusted sites, yet most phishing website identification methods cannot detect phishing pages that are only partially similar to a trusted website. Secondly, email, as the main transmission channel of phishing websites, needs to be monitored effectively; however, phishing email filtering consumes many defensive resources, which are usually limited in practice, so allocating defense resources effectively is a challenge. Finally, humans are an important link in a phishing attack: if users actively report suspicious emails, alarms can be generated in advance to block the spread of the attack, but in reality users' initiative to report suspicious emails is poor and their feedback frequency is low. To solve the above problems, this thesis conducts a series of theoretical analyses and verification experiments. The main research results are as follows.

(1) Existing phishing website detection methods cannot accurately identify phishing webpages that are only partially similar to legitimate websites. To solve this problem, this thesis proposes a visual similarity detection method that combines a global feature and a local feature of a webpage, treating the task as fine-grained image classification. Firstly, the website logo, which is strongly tied to the website's identity, is located by a convolutional neural network; the dataset used to train the network does not need human-annotated logo bounding boxes. Then a residual network takes the logo region and the whole webpage as input and outputs the webpage identity. Experimental results show that the proposed method outperforms the existing state-of-the-art visual similarity detection method. Moreover, the method can detect zero-day phishing pages and is robust to adversarial attacks.

(2) To address the shortage of phishing email defense resources, this thesis proposes an evolutionary game model between multiple attackers and multiple defenders and analyzes the evolution of their strategies. By solving for the evolutionarily stable strategy of the model, the optimal number of protected users is first obtained as an efficient defense strategy, which lowers attack density and reduces resource consumption. The thesis then finds that this defense strategy depends on the users' email opening probability, the attack cost, and the attack loss. The defense strategy can help email network managers deploy anti-phishing techniques according to the email opening probability; because the attacker does not know this probability, the attacker cannot compute the optimal attack strategy. Furthermore, the thesis studies the influence of the attack cost and the attack loss on the defense strategy and finds that the attack cost has a more marked effect on the defense strategy than the attack loss. Finally, the thesis collects a large real-world email network dataset covering emails exchanged among users over 2 years, and a series of experiments on this dataset show that the defense strategy is effective in a real-world email network and outperforms existing defense strategies.

(3) To address the problem that users rarely report phishing emails, this thesis studies how to motivate users to report phishing emails actively. A tripartite evolutionary game model among email security providers, email users, and attackers is constructed. The thesis obtains the desired evolutionarily stable strategy by solving the replicator dynamics equations and derives the evolution path toward that strategy, which can guide the email security provider in designing a reasonable incentive mechanism. Lastly, the thesis experiments with a large real-world email network, and the results show that the model is effective and practical.
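The following is an added illustration of the replicator-dynamics approach that results (2) and (3) rely on; it is not the thesis's own model. The payoff structure is a constructed assumption that only reuses the quantities the abstract names (email opening probability p, attack cost c, attack loss l) plus an assumed attack gain g and per-user protection cost d, and shows how the evolutionarily stable outcome shifts when the attack cost exceeds the expected gain.

```python
"""Two-population replicator dynamics for a phishing attacker/defender game.

Constructed example: the payoffs are assumptions, not the thesis's model.
"""


def payoff_gaps(x, y, p, c, l, g, d):
    """Return (attacker gap, defender gap): fitness of 'attack' minus 'do not
    attack', and of 'protect' minus 'do not protect', given the share x of
    attackers who attack and the share y of users that defenders protect.
    Assumed payoffs: an attack on an unprotected user yields g*p (the user
    must open the mail) and always costs c; protecting a user costs d; an
    unprotected user loses l*p per attacker who targets them."""
    attacker_gap = (1.0 - y) * g * p - c
    defender_gap = x * l * p - d
    return attacker_gap, defender_gap


def replicator(p, c, l, g, d, x0=0.5, y0=0.5, dt=0.01, steps=40_000):
    """Euler-integrate the replicator equations
    dx/dt = x(1-x)*attacker_gap,  dy/dt = y(1-y)*defender_gap
    and return the final (x, y) after steps*dt time units."""
    x, y = x0, y0
    for _ in range(steps):
        a_gap, d_gap = payoff_gaps(x, y, p, c, l, g, d)
        x += dt * x * (1.0 - x) * a_gap
        y += dt * y * (1.0 - y) * d_gap
    return x, y


def interior_equilibrium(p, c, l, g, d):
    """Mixed point where both gaps vanish, x* = d/(l p) and y* = 1 - c/(g p),
    or None when it lies outside (0, 1) so a pure strategy takes over."""
    xs, ys = d / (l * p), 1.0 - c / (g * p)
    if 0.0 < xs < 1.0 and 0.0 < ys < 1.0:
        return xs, ys
    return None


if __name__ == "__main__":
    # Attack cost c above the expected gain g*p: attacking dies out, and once
    # nobody attacks, paying d for protection stops being worthwhile as well.
    print(replicator(p=0.2, c=0.3, l=5.0, g=1.0, d=0.1))
    # A higher opening probability makes the same attack profitable again,
    # so the population settles around a mixed equilibrium instead.
    print(interior_equilibrium(p=0.5, c=0.3, l=5.0, g=1.0, d=0.1))
```

Under these assumed payoffs, raising c or lowering p drives the attacking share to zero, which is the qualitative effect the abstract attributes to the attack cost and the opening probability.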