Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale

2023 IEEE Symposium on Security and Privacy (SP) Pub Date : 2023-05-01 DOI:10.1109/SP46215.2023.10179461

Marzieh Bitaab, Haehyun Cho, Adam Oest, Zhuo Lyu, Wei Wang, Jorij Abraham, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé

{"title":"Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale","authors":"Marzieh Bitaab, Haehyun Cho, Adam Oest, Zhuo Lyu, Wei Wang, Jorij Abraham, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé","doi":"10.1109/SP46215.2023.10179461","DOIUrl":null,"url":null,"abstract":"Despite recent advancements in malicious website detection and phishing mitigation, the security ecosystem has paid little attention to Fraudulent e-Commerce Websites (FCWs), such as fraudulent shopping websites, fake charities, and cryptocurrency scam websites. Even worse, there are no active large-scale mitigation systems or publicly available datasets for FCWs.In this paper, we first propose an efficient and automated approach to gather FCWs through crowdsourcing. We identify eight different types of non-phishing FCWs and derive key defining characteristics. Then, we find that anti-phishing mitigation systems, such as Google Safe Browsing, have a detection rate of just 0.46% on our dataset. We create a classifier, BEYOND PHISH, to identify FCWs using manually defined features based on our analysis. Validating BEYOND PHISH on never-before-seen (untrained and untested data) through a user study indicates that our system has a high detection rate and a low false positive rate of 98.34% and 1.34%, respectively. Lastly, we collaborated with a major Internet security company, Palo Alto Networks, as well as a major financial services provider, to evaluate our classifier on manually labeled real-world data. The model achieves a false positive rate of 2.46% and a 94.88% detection rate, showing potential for real-world defense against FCWs.","PeriodicalId":439989,"journal":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP46215.2023.10179461","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Despite recent advancements in malicious website detection and phishing mitigation, the security ecosystem has paid little attention to Fraudulent e-Commerce Websites (FCWs), such as fraudulent shopping websites, fake charities, and cryptocurrency scam websites. Even worse, there are no active large-scale mitigation systems or publicly available datasets for FCWs.In this paper, we first propose an efficient and automated approach to gather FCWs through crowdsourcing. We identify eight different types of non-phishing FCWs and derive key defining characteristics. Then, we find that anti-phishing mitigation systems, such as Google Safe Browsing, have a detection rate of just 0.46% on our dataset. We create a classifier, BEYOND PHISH, to identify FCWs using manually defined features based on our analysis. Validating BEYOND PHISH on never-before-seen (untrained and untested data) through a user study indicates that our system has a high detection rate and a low false positive rate of 98.34% and 1.34%, respectively. Lastly, we collaborated with a major Internet security company, Palo Alto Networks, as well as a major financial services provider, to evaluate our classifier on manually labeled real-world data. The model achieves a false positive rate of 2.46% and a 94.88% detection rate, showing potential for real-world defense against FCWs.

查看原文本刊更多论文

超越网络钓鱼:大规模检测欺诈电子商务网站

尽管最近在恶意网站检测和网络钓鱼缓解方面取得了进展，但安全生态系统很少关注欺诈性电子商务网站(FCWs)，例如欺诈性购物网站、虚假慈善机构和加密货币诈骗网站。更糟糕的是，没有有效的大规模缓解系统或可公开获取的FCWs数据集。在本文中，我们首先提出了一种高效、自动化的方法，通过众包来收集FCWs。我们确定了八种不同类型的非网络钓鱼fcw，并得出了关键的定义特征。然后，我们发现反网络钓鱼缓解系统，如谷歌安全浏览，在我们的数据集上的检测率仅为0.46%。我们创建了一个分类器BEYOND PHISH，根据我们的分析使用手动定义的特征来识别fcw。通过用户研究，在从未见过的(未经训练和测试的)数据上验证BEYOND PHISH，表明我们的系统具有高检测率和低假阳性率，分别为98.34%和1.34%。最后，我们与一家主要的互联网安全公司Palo Alto Networks以及一家主要的金融服务提供商合作，在人工标记的真实世界数据上评估我们的分类器。该模型的误报率为2.46%，检测率为94.88%，显示了在现实世界中防御FCWs的潜力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE Symposium on Security and Privacy (SP)

自引率

0.00%

发文量