Phishing is a main problem on the Web. Despite the important attention it has established over the years, there has been no ultimate solution. While the state-of-the-art solutions have reasonably good presentation, they suffer from quite a few drawbacks counting potential to compromise consumer privacy, difficulty of detecting phishing websites whose content change dynamically, and confidence on features that are too dependent on the preparation data. To address these limits we present a new move toward for detecting phishing WebPages in real-time as they are visited by a browser. It relies on modeling inherent phisher limits stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and flexibility to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to imitate and includes this target in its warning. We evaluated our proposed genetic algorithm in below user studies.

Client

[1] K. Thomas, C. Grier, J. Ma, V. Paxson, and D. Song, “Design and evaluation of a real-time url spam filtering service,” in Proceedings of the IEEE Symposium on Security and Privacy, 2011, pp. 447–462.
[2] C. Whittaker, B. Ryner, and M. Nazif, “Large-scale automatic classification of phishing pages,” in Proceedings of the 2010 Network and Distributed System Security (NDSS) Symposium, 2010.
[3] Google, “Safe browsing.” [Online]. Available: https://www.chromium. org/developers/design-documents/safebrowsing
[4] Phishtank, “Out of the Net, into the Tank.” [Online]. Available: https://www.phishtank.com/
[5] X. Han, N. Kheir, and D. Balzarotti, “Phisheye: Live monitoring of sandboxed phishing kits,” in ACM CCS, 2016, pp. 1402–1413.
[6] M. Al-Daeef, N. Basir, and M. Saudi, “A review of client-side toolbars as a user-oriented anti-phishing solution,” in Advanced Computer and Communication Engineering Technology, 2016, pp. 427–437.
[7] B. Liang, M. Su, W. You, W. Shi, and G. Yang, “Cracking classifiers for evasion: A case study on the google’s phishing pages filter,” in International Conference on World Wide Web, 2016, pp. 345–356.
[8] D. Akhawe and A. P. Felt, “Alice in warningland: A large-scale field study of browser security warning effectiveness,” in Proceedings of the 22nd USENIX Conference on Security, 2013, pp. 257–272.
[9] APWG, “Phishing Activity Trends Report,” APWG, Tech. Rep. 3Q2016, 2016.
[10] G. Xiang and J. I. Hong, “A hybrid phish detection approach by identity discovery and keywords retrieval,” in Proceedings of the 18th International Conference on World Wide Web, 2009, pp. 571–580.
[11] Y. Pan and X. Ding, “Anomaly based web phishing page detection,” in Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC), 2006, pp. 381–392.
[12] A. Le, A. Markopoulou, and M. Faloutsos, “PhishDef: URL names say it all,” in Proceedings of IEEE INFOCOM, 2011, pp. 191–195.
[13] S. Marchal, J. Franc¸ois, R. State, and T. Engel, “Proactive discovery of phishing related domain names,” in Research in Attacks, Intrusions, and Defenses, 2012.
[14] SSG@Aalto, “Off-the-Hook - A phishing prevention system.” [Online]. Available: https://ssg.aalto.fi/projects/phishing/add-on.html
[15] KangoExtensions, “Cross-browser extension framework.” [Online]. Available: http://kangoextensions.com/