Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Overview
  • Workshop Organizers
  • Registration Information
  • Registration Discounts
  • At a Glance
  • Calendar
  • Workshop Program
  • Birds-of-a-Feather Sessions
  • Co-located Workshops
  • Sponsorship
  • Activities
  • Hotel and Travel Information
  • Students
  • Questions
  • Help Promote!
  • For Participants
  • Call for Papers
  • Past Workshops

sponsors

Bronze Sponsor

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Image Matching for Branding Phishing Kit Images
Tweet

connect with us

https://twitter.com/usenixsecurity
https://www.facebook.com/usenixassociation
http://www.linkedin.com/groups/USENIX-Association-49559/about
https://plus.google.com/108588319090208187909/posts
http://www.youtube.com/user/USENIXAssociation

Image Matching for Branding Phishing Kit Images

Authors: 

Chengcui Zhang, Rajan Kumar Kharel, Song Gao, and Jason Britt, University of Alabama at Birmingham

Abstract: 

A phishing website usually selects a particular target (e.g., a bank), and incorporates one or more images that are similar to a targeted brand whether the image is located on the same domain as the phish or a non-local domain. One common method of distributing phishing websites is to use a "phishing kit" or kit, which is a compressed file folder containing all files and directory structures necessary to create a phishing website. A kit is often used repeatedly by a single criminal or criminal group and is a preferred way of creating phishing websites. The kit contains any email address receiving the phished credentials, which can be important during investigations. When identifying a phishing kit's brand, it cannot always be assumed that the phishing kit has the same brand as the phishing website where it was found. Multiple phishing websites can be setup on the same domain and unused kits can be located on active phishing domains. A kit's brand is useful when alerting the organization being targeted or allowing brand specific investigations. Even though the identification can be accomplished manually it is time consuming and unfeasible for the UAB Kit Data Mine, given its size. Phishing kits often incorporate images that are similar to the targeted brand. Finding these brand relevant images and labeling them may lead to automated methods to brand phishing kits. Simple hash matching techniques are limited because it is easy to alter an image’s hash and not its meaning. More robust automated methods are needed to help reduce or eliminate manual effort. The rest of this paper explores the ability of image matching techniques to correctly identify image files associated with a brand. Four image-matching algorithms GCH, LCH, LCH+, and LCH++ are explored.

Chengcui Zhang, The University of Alabama at Birmingham

Rajan Kumar Kharel, The University of Alabama at Birmingham

Song Gao, The University of Alabama at Birmingham

Jason Britt, The University of Alabama at Birmingham

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {179238,
author = {Chengcui Zhang and Rajan Kumar Kharel and Song Gao and Jason Britt},
title = {Image Matching for Branding Phishing Kit Images},
booktitle = {6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 13)},
year = {2013},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/leet13/workshop-program/presentation/zhang},
publisher = {USENIX Association},
month = aug,
}
Download
Zhang PDF
View the slides

Presentation Audio

MP3 Download OGG Download

Download Audio

  • Log in or    Register to post comments

Bronze Sponsors

© USENIX

  • Privacy Policy
  • Contact Us