Utilization of Local and Global Image Descriptors for Phishing Web Page Identifıcation

Abstract

In recent years, the use of the Internet has increased in all areas of life, thus many cyber- attacks have emerged. These attacks aim to steal users' private information such as passwords, credit cards. During phishing attacks, attackers have an attitude of deceiving users by creating copies of a web page that is known and frequently used by users. In this thesis, a new approach which can be a solution for detecting phishing attacks on web pages has been introduced. In the proposed approach, experiments have been conducted with local and global descriptors that have not been used before in the literature. In addition, "holistic" and "multi-level patch" approach was used to increase detection of attacks. The "holistic" approach referred to in these approaches is to process the image as a whole, while the "multi-level patch” approach is to separate the image into equal dimensions. The data set used in the evaluation phase of the proposed approach includes screenshots taken from websites of 14 different trademarks in total. This data set, with a total of 2852 samples, is "open set". The features obtained from the descriptors were then classified by support vector machine, random forest and XGBoost machine learning algorithms. According to the extensive test results, the best success rate is 90.38% with SIFT descriptor. This thesis suggests that the proposed approach may be effective in detecting possible counterfeiting attacks on web pages.