3rd International ICST Conference on Security and Privacy in Communication Networks

Research Article

A Layout-Similarity-Based Approach for Detecting Phishing Pages

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550367,
        author={Angelo P. E. Rosiello and Engin Kirda and Christopher Kruegel and Fabrizio Ferrandi},
        title={A Layout-Similarity-Based Approach for Detecting Phishing Pages},
        proceedings={3rd International ICST Conference on Security and Privacy in Communication Networks},
        keywords={Banking  Computer crime  Costs  Customer service  Electronic mail  Large-scale systems  Protection  Uniform resource locators  Web and internet services  Web pages},
  • Angelo P. E. Rosiello
    Engin Kirda
    Christopher Kruegel
    Fabrizio Ferrandi
    Year: 2008
    A Layout-Similarity-Based Approach for Detecting Phishing Pages
    DOI: 10.1109/SECCOM.2007.4550367
Angelo P. E. Rosiello1,*, Engin Kirda2,*, Christopher Kruegel2,*, Fabrizio Ferrandi1,*
  • 1: Politecnico di Milano
  • 2: Secure Systems Lab, Technical University Vienna
*Contact email: angelo@rosiello.org, ek@seclab.tuwien.ac.at, chris@seclab.tuwien.ac.at, ferrandi@elet.polimi.it


Phishing is a current social engineering attack that results in online identity theft. In a phishing attack, the attacker persuades the victim to reveal confidential information by using web site spoofing techniques. Typically, the captured information is then used to make an illegal economic profit by purchasing goods or undertaking online banking transactions. Although simple in nature, because of their effectiveness, phishing attacks still remain a great source of concern for organizations with online customer services. In previous work, we have developed AntiPhish, a phishing protection system that prevents sensitive user information from being entered on phishing sites. The drawback is that this system requires cooperation from the user and occasionally raises false alarms. In this paper, we present an extension of our system (called DOMAntiPhish) that mitigates the shortcomings of our previous system. In particular, our novel approach leverages layout similarity information to distinguish between malicious and benign web pages. This makes it possible to reduce the involvement of the user and significantly reduces the false alarm rate. Our experimental evaluation demonstrates that our solution is feasible in practice.