Abstract

An approach to detection of phishing Web pages based on visual similarity is proposed, which can be utilized as a part of an enterprise solution to antiphishing. A legitimate Web page owner can use this approach to search the Web for suspicious Web pages which are visually similar to the true Web page. The approach first decomposes the Web pages into salient (visually distinguishable) block regions. The visual similarity between two Web pages is then evaluated in three metrics: block level similarity, layout similarity, and overall style similarity. A Web page is reported as a phishing suspect if any of them (with regards to the true one) is higher than its corresponding preset threshold. Preliminary experiments show that the approach can successfully detect those phishing Web pages with few false alarms at a speed adequate for online application.