Abstract: In the US alone, phishing costs $500M every year. Training users doesn’t solve the problem, so we need to augment that with technical approaches. The vast majority of phishing targets a small number of sites, so a basic approach is to examine websites and see if they are trying to mimic the original site. Unfortunately, users can still be fooled by a site that uses some of the visual elements of the target site but almost none of the code, text, or image files. So our approach is to focus on the logos, which users are known to look at for an idea of the legitimacy of the page. We propose a multi-phase approach to detecting the target logos, where the first phase needs to be fast and accurate enough to not accidentally let phishing pages through. In this talk, I will lay out the basic idea and show our preliminary results on the accuracy of the first phase.
Bio: Matt Wright is the Director of the Center for Cybersecurity at RIT and a Professor of Computing Security. He graduated with his PhD from the Department of Computer Science at the University of Massachusetts in May 2005, where he earned his MS in 2002. His dissertation work examined attacks and defenses for systems that provide anonymity online. His other interests include understanding the human element of security, as well as security and privacy in all sorts of distributed systems, including peer-to-peer, mobile, and Internet of Things. Previously, he earned his BS degree in Computer Science at Harvey Mudd College. He is a recipient of the NSF CAREER Award, the Outstanding Paper Award at the 2002 Symposium on Network and Distributed System Security, and the Outstanding Student Paper Award at the 2016 European Symposium on Research in Computer Security.