Several researchers at the University of Plymouth and the University of Portsmouth, who specialize in computer security, have been looking at machine learning models that recognize the visual representation of a website’s code to make them faster and more accurate. With this ability, these tools can help improve the prediction and detection speed of phishing sites.
Phishing scams are regularly practiced on the Internet and consist in making the user believe that he is on a real website (such as that of a telephone operator, energy supplier, e-commerce, or the government, etc.) in order to obtain personal and/or banking data.
Machine learning and binary visualization: an effective duo to fight phishing
In order to fight against phishing, four computer security researchers, Luke Barlow, Gueltoum Bendiab, Stavros Shiaeles and Nick Savage, have tried to fill the gaps in existing detection methods which usually rely on a reactive approach: when a user falls into a phishing scam, the site is added to a database of malicious sites. The main drawback of this approach is that it always gives hackers a head start.
The research team has developed a technique that relies on creating an RGB image in matrix form that corresponds to the binary display of a page’s source code. When a site is visited, the binary visualization of the site can be compared with those of the dataset previously built using a convolutional network based on TensorFlow, in order to compare the degree of similarity between a known site and a new site.
The scientific publication detailing the operation can be consulted on arXiv.
Encouraging results to try to file a patent application
During the various experiments conducted by the researchers, it was proven that the model can achieve an accuracy of 94% in the detection of phishing websites. Usable with any user’s devices, it provides near real-time results and the researchers claim that the technique has been used with any type of site.
After leveraging binary visualization and machine learning to detect malware with promising results during 2019, the researchers managed to design a solution to combat phishing. Now, the research team wants to work on a new method and will try to file a patent application in the future.
With the results already obtained, Luke Barlow, Gueltoum Bendiab, Stavros Shiaeles and Nick Savage are quite confident about the future.
Translated from Une équipe de chercheurs britanniques lutte contre le phishing en élaborant une nouvelle technique de machine learning
