Ganesh Varadarajan
Talk Title
SpotPhish: Zero-Hour Phishing Protection
Abstract
Phishing and anti-phishing are locked in an arms race. Phishing attackers can automatically create thousands of custom pages and employ anti-blacklisting techniques to stay under the radar, while anti-phishing blacklists are necessarily a step behind. We propose a whitelist-based technique in the browser to address this gap and provide zero-hour phishing protection as a complement to the blacklist approach.
SpotPhish (https://spotphish.com) is an open-source browser extension which enables the user to instantly identify a phishing situation by creating a conspicuous visual difference between whitelisted pages and phishing pages. This is done as follows:
- Whitelisted pages are annotated with a personal image selected by the user.
- While navigating untrusted pages, we take screenshots of the active browser tab and raise an alarm if there is a visual resemblance to a whitelisted page.
The comparison is done using computer vision techniques. User privacy is maintained as all processing is carried out within the browser. We are able to correctly flag 80% of the last 1000 valid phishing attacks on the top 3 domains in the PhishTank database.
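The whitelist-then-resemblance decision described above, sketched as an added example that is not SpotPhish's own code. The abstract does not name the computer vision technique, so an 8x8 average hash with a Hamming-distance threshold of 6 is assumed here as a stand-in; the function names, origins and pixel data are constructed for illustration.

```javascript
// Added illustration. Average hash (aHash) is an assumed stand-in for the
// extension's unspecified computer-vision comparison.
const GRID = 8;

// Reduce a grayscale image (row-major, 0-255) to GRID x GRID block means and
// emit one bit per cell: 1 if the cell is brighter than the overall mean.
function averageHash(gray, width, height) {
  const cells = [];
  for (let gy = 0; gy < GRID; gy++)
    for (let gx = 0; gx < GRID; gx++) {
      const x0 = Math.floor(gx * width / GRID), x1 = Math.floor((gx + 1) * width / GRID);
      const y0 = Math.floor(gy * height / GRID), y1 = Math.floor((gy + 1) * height / GRID);
      let sum = 0;
      for (let y = y0; y < y1; y++)
        for (let x = x0; x < x1; x++) sum += gray[y * width + x];
      cells.push(sum / ((x1 - x0) * (y1 - y0)));
    }
  const mean = cells.reduce((a, b) => a + b, 0) / cells.length;
  return cells.map(c => (c > mean ? 1 : 0));
}

const hamming = (a, b) => a.reduce((d, bit, i) => d + (bit !== b[i] ? 1 : 0), 0);

// whitelist: [{ origin, hash }]. "trusted" is where the user's personal image
// would be shown; "alarm" means an untrusted origin looks like a trusted page.
function classify(url, gray, width, height, whitelist, maxDistance = 6) {
  const origin = new URL(url).origin;
  if (whitelist.some(w => w.origin === origin)) return { verdict: "trusted" };
  const hash = averageHash(gray, width, height);
  const hit = whitelist.find(w => hamming(hash, w.hash) <= maxDistance);
  return hit ? { verdict: "alarm", resembles: hit.origin } : { verdict: "no-match" };
}

// Constructed 32x32 "screenshots" (not real captures).
function loginPage(noise = 0) { // dark banner, light body, grey login box
  return Array.from({ length: 32 * 32 }, (_, i) => {
    const x = i % 32, y = Math.floor(i / 32);
    let v = y < 8 ? 30 : 230;
    if (y >= 12 && y < 24 && x >= 8 && x < 24) v = 120;
    return v + ((x * 7 + y * 13) % 5) * noise;
  });
}
const checkerboard = () => Array.from({ length: 32 * 32 }, (_, i) =>
  (((i % 32) >> 2) + (Math.floor(i / 32) >> 2)) % 2 ? 240 : 20);

const whitelist = [{ origin: "https://bank.example", hash: averageHash(loginPage(), 32, 32) }];
console.log(classify("https://bank.example/login", loginPage(), 32, 32, whitelist));
console.log(classify("https://bank-login.invalid/", loginPage(3), 32, 32, whitelist));
console.log(classify("https://news.example/", checkerboard(), 32, 32, whitelist));
```

The whitelist check runs first, so a trusted origin is never compared against itself; the threshold trades missed look-alikes against false alarms on pages that merely share a layout.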
Bio
Ganesh is into all things software, with a special fondness for free software, the web and the UNIX way. He started out in enterprise software, as a filesystem engineer at VERITAS (later Symantec). He is now a Director at Coriolis Technologies, Pune, and continues to dabble in software experiments which lack merchantability and fitness for a particular purpose.
Ganesh has a Master's in Computer Science and Engineering from IIT Bombay.