Abstract

Visual cues are the most convincing entities which are weaponized by cyber-attackers to carry out phishing attacks. Generally, a genuine-looking UI is sufficient to convince a user. Thinking that it is a legitimate website, users provide their private information to attackers. This is a very serious problem that needs to be solved right before the users enter their private information. Recent advances in phishing attack detection include the use of Machine Learning (ML) algorithms. In this paper, we propose a hybrid of ML-based and IP-based phishing attack detection mechanisms. We employ Oriented FAST and Rotated BRIEF (ORB) keypoints extractor to capture the brand name, and homography-based transformation to localize the logo. The object recognition and localization is followed by the Siamese network which verifies the logo localized by ORB. We then map the IP address of the incoming webpage with the IP pool of the organization associated with the logo. We focus our study on 4 highly phished organizational logos viz. Bank of America, Dropbox, Google, and PayPal. With 100 test samples, our system provides an accuracy of 90% for ORB, and accuracy, precision, recall, and f1-score of 93.68%, 95.56%, 97.73%, and 96.63% respectively for the Siamese network.