Web-based phishing attacks nowadays exploit popular cloud web hosting services and apps such as Google Sites and Typeform for hosting their attacks. Since these attacks originate from reputable domains and IP addresses of the cloud services, traditional phishing detection methods such as IP reputation monitoring and blacklisting are not very effective. Here we investigate the effectiveness of deep learning models in detecting this class of cloud-based phishing attacks. Specifically, we evaluate deep learning models for three phishing detection methods--LSTM model for URL analysis, YOLOv2 model for logo analysis, and triplet network model for visual similarity analysis. We train the models using well-known datasets and test their performance on cloud-based phishing attacks in the wild. Our results qualitatively explain why the models succeed or fail. Furthermore, our results highlight how combining results from the individual models can improve the effectiveness of detecting cloud-based phishing attacks.
翻译:目前,基于网络的钓鱼攻击利用了流行的云端网络托管服务和软件,如谷歌网站和用于主办攻击的Typeform等。由于这些攻击来自有声望的领域和云服务IP地址,传统的钓鱼探测方法,如IP声誉监测和黑名单等,并不十分有效。我们在这里调查深层次学习模型在探测这一类基于云的钓鱼攻击中的有效性。具体地说,我们评估了三种钓鱼探测方法的深层次学习模型:用于URLU分析的LSTM模型、用于标识分析的YOLOv2模型和用于视觉相似性分析的三重网络模型。我们用众所周知的数据集对模型进行培训,并测试其在野外基于云的钓鱼攻击中的性能。我们的结果从质量上解释了模型成功或失败的原因。此外,我们的结果突出了将单个模型的结果结合起来如何提高探测基于云的钓鱼攻击的效力。