Conference proceeding
I'm SPARTACUS, No, I'm SPARTACUS: Proactively Protecting Users from Phishing by Intentionally Triggering Cloaking Behavior
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp 3165-3179
07 Nov 2022
Abstract
Phishing is a ubiquitous and increasingly sophisticated online threat. To evade mitigations, phishers try to "cloak" malicious content from defenders to delay their appearance on blacklists, while still presenting the phishing payload to victims. This cat-and-mouse game is variable and fast-moving, with many distinct cloaking methods---we construct a dataset identifying 2,933 real-world phishing kits that implement cloaking mechanisms. These kits use information from the host, browser, and HTTP request to classify traffic as either anti-phishing entity or potential victim and change their behavior accordingly.
In this work we present SPARTACUS, a technique that subverts the phishing status quo by disguising user traffic as anti-phishing entities. These intentional false positives trigger cloaking behavior in phishing kits, thus hiding the malicious payload and protecting the user without disrupting benign sites.
To evaluate the effectiveness of this approach, we deployed SPARTACUS as a browser extension from November 2020 to July 2021. During that time, SPARTACUS browsers visited 160,728 reported phishing URLs in the wild. Of these, SPARTACUS protected against 132,274 sites (82.3%). The phishing kits which showed malicious content to SPARTACUS typically did so due to ineffective cloaking---the majority (98.4%) of the remainder were detected by conventional anti-phishing systems such as Google Safe Browsing or VirusTotal, and would be blacklisted regardless. We further evaluate SPARTACUS against benign websites sampled from the Alexa Top One Million List for impacts on latency, accessibility, layout, and CPU overhead, finding minimal performance penalties and no loss in functionality.
Metrics
17 Record Views
17 citations in Scopus
Details
- Title
- I'm SPARTACUS, No, I'm SPARTACUS
- Creators
- Penghui Zhang - Arizona State UniversityZhibo Sun - Drexel UniversitySukwha Kyung - Arizona State UniversityHans Walter Behrens - Arizona State UniversityZion Leonahenahe Basque - Arizona State UniversityHaehyun Cho - Soongsil UniversityAdam Oest - PayPalRuoyu Wang - Arizona State UniversityTiffany Bao - Arizona State UniversityYan Shoshitaishvili - Arizona State UniversityGail-Joon Ahn - Arizona State UniversityAdam Doupé - Arizona State University
- Publication Details
- Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp 3165-3179
- Conference
- CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security
- Series
- ACM Conferences
- Publisher
- ACM
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Scopus ID
- 2-s2.0-85143071644
- Other Identifier
- 991021871292804721