Ganesh Varadarajan

Talk Title

SpotPhish: Zero-Hour Phishing Protection

Abstract

Phishing and anti-phishing are locked in an arms race. Phishing attackers can automatically create thousands of custom pages and employ anti-blacklisting techniques to stay under the radar, while anti-phishing blacklists are necessarily a step behind. We propose a whitelist-based technique in the browser to address this gap and provide zero-hour phishing protection as a complement to the blacklist approach.

SpotPhish (https://spotphish.com) is an open-source browser extension which enables the user to instantly identify a phishing situation by creating a conspicuous visual difference between whitelisted pages and phishing pages. This is done as follows:

• Whitelisted pages are annotated with a personal image selected by the user.
• While navigating untrusted pages, we take screenshots of the active browser tab and raise an alarm if there is a visual resemblance to a whitelisted page.

The comparison is done using computer vision techniques. User privacy is maintained as all processing is carried out within the browser. We are able to correctly flag 80% of the last 1000 valid phishing attacks on the top 3 domains in the PhishTank database.

Bio

Ganesh is into all things software, with a special fondness for free software, the web and the UNIX way. He started out in enterprise software, as a filesystem engineer in VERITAS (later Symantec). He is now a Director at Coriolis Technologies, Pune, and continues to dabble in software experiments which lack merchantability and fitness for a particular purpose.

Ganesh has a Masters in Computer Science and Engineering from IIT Bombay.