Counteracting Phishing Page Polymorphism: An Image Layout Analysis Approach

  • Ieng-Fat Lam
  • Wei-Cheng Xiao
  • Szu-Chi Wang
  • Kuan-Ta Chen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5576)


Many visual similarity-based phishing page detectors have been developed to detect phishing webpages, however, scammers now create polymorphic phishing pages to breach the defense of those detectors. We call this kind of countermeasure phishing page polymorphism. Polymorphic pages are visually similar to genuine pages they try to mimic, but they use different representation techniques. It increases the level of difficulty to detect phishing pages. In this paper, we propose an effective detection mechanism to detect polymorphic phishing pages. In contrast to existing approaches, we analyze the layout of webpages rather than the HTML codes, colors, or content. Specifically, we compute the similarity degree of a suspect page and an authentic page through image processing techniques. Then, the degrees of similarity are ranked by a classifier trained to detect phishing pages. To verify the efficacy of our phishing detection mechanism, we collected 6,750 phishing pages and 312 mimicked targets for the performance evaluation. The results show that our method achieves an excellent detection rate of 99.6%.


False Negative Rate Matched Pair Visual Similarity Page Layout Target Page 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chen, K.-T., Chen, J.-Y., Huang, C.-R., Chen, C.-S.: Fighting Phishing with Discriminative Keypoint Features of Webpages. IEEE Internet Computing (2009)Google Scholar
  2. 2.
    Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 581–590 (2006)Google Scholar
  3. 3.
    Szor, P.: The Art of Computer Virus Research and Defense. Addison-Wesley Professional, Reading (2005)Google Scholar
  4. 4.
    Halderman, J.A., Waters, B., Felten, E.W.: A convenient method for securely managing passwords. In: Proceedings of the 14th International Conference on World Wide Web, pp. 471–479 (2005)Google Scholar
  5. 5.
    Tan, C.H., Teo, J.C.M.: Protection AgainstWeb-based Password Phishing. In: Proceedings of the International Conference on Information Technology, pp. 754–759. IEEE Computer Society, Washington (2007)Google Scholar
  6. 6.
    Zhang, Y., Hong, J.I., Cranor, L.F.: Cantina: a content-based approach to detecting phishing web sites. In: Proceedings of the 16th International Conference on World Wide Web, pp. 639–648 (2007)Google Scholar
  7. 7.
    Liu, W., Deng, X., Huang, G., Fu, A.Y.: An Antiphishing Strategy Based on Visual Similarity Assessment. IEEE Internet Computing, 58–65 (2006)Google Scholar
  8. 8.
    Fu, A.Y., Wenyin, L., Deng, X.: Detecting Phishing Web Pages with Vi- sual Similarity Assessment Based on Earth Mover’s Distance (EMD). IEEE Transactions on Dependable and Secure Computing, 301–311 (2006)Google Scholar
  9. 9.
    Otsu, N., et al.: A threshold selection method from gray-level histograms. IEEE Transactions on Systems, Man, and Cybernetics 9(1), 62–66 (1979)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ieng-Fat Lam
    • 1
  • Wei-Cheng Xiao
    • 1
  • Szu-Chi Wang
    • 2
  • Kuan-Ta Chen
    • 1
  1. 1.Institute of Information ScienceAcademia SinicaTaiwan
  2. 2.Institute of Computer Science and Information EngineeringNational Ilan UniversityTaiwan

Personalised recommendations