Applying Machine Learning to Prevent Inception Bar Phishing Attacks

James Fisher recently wrote about a simple "inception bar" phishing attack he created for mobile users of Chrome: scrolling down in the Chrome app on a mobile device hides the URL bar to maximize screen space. Fisher demonstrated how an attacker can simply insert an image of a faux Chrome URL bar with whatever domain they’re trying to impersonate, and—with a little CSS and JavaScript magic—they can fool the user into thinking they’re on a legitimate site like hsbc.com instead of SomePhishingSite.com.

As Fisher points out in his proof-of-concept blog post, there are various user-interface changes Google could make to prevent or at least mitigate this phishing technique—but as a thought experiment, let’s imagine some ways machine learning (ML) could be leveraged to detect and prevent this sort of attack.

Modeling Individual Images

One effective countermeasure may be to use computer vision techniques to classify individual images. In particular, when dealing with images, the most obvious modeling approaches entail using convolutional neural networks. Convolutional neural networks, often simply called CNNs or ConvNets, are one of the reasons deep learning has become so popular: CNNs enable state-of-the-art performance on various image-related tasks like object recognition, image segmentation, and image captioning.

To address the inception bar attack, a naïve approach is to try supervised machine learning to classify individual images on a webpage as benign or malicious with a CNN or another type of classifier. Ideally, this would identify the inception bar URL bar image as malicious. However, it’s questionable whether such an approach would have sufficiently high true-positive and true-negative rates because even to a human, there’s nothing about the inception bar URL image that looks particularly malicious (indeed, that’s the whole point of the attack). Perhaps images of URL bars are rare enough on benign webpages that a classifier would learn such images are malicious, but this would need to be borne out by experiments.

Another approach would be to use image modeling in a data mining context. For example, in work previously published by the Cylance Data Science team, we showed how a convolutional autoencoder could be used to learn from image features for the purposes of benign vs. malicious classification. One could similarly use a convolutional autoencoder to learn a compressed representation of images, and then use that compressed representation to look for similarly labeled images in a database.

In other words, take each image on a webpage, run it through the convolutional autoencoder to get the compressed representation, and then check your database for images with a similar compressed representation. If the similar images are known to be malicious, then you may assume the unknown image is also malicious. This is essentially a kind of k-nearest neighbors classifier. Doing k-nearest neighbors in high dimensions poses various scalability problems, but image searching at scale is a rich area of study.

Modeling Webpages Holistically

Instead of modeling individual images, a more successful approach might be to model the webpage as a whole, including images, HTML, JavaScript, and CSS. More context would likely help the model more accurately decide whether a webpage is benign or malicious.

Just as with image modeling, there have also been vast improvements in text modeling within the machine learning community over the last several years due to success with deep learning models. And what is HTML, JavaScript, and CSS but a bunch of text data, right? By applying recurrent neural networks, convolutional neural networks, and other techniques, one could model an entire webpage holistically in order to classify the page as benign or malicious.

For example, the hsbc.com inception bar image might appear on a phishing site, and the holistic model would correctly output that the webpage is malicious. But when that same exact hsbc.com inception bar image appears on James Fisher’s blog explaining the inception bar attack, the holistic model could have enough context to realize that the page is benign, even though it has the same exact inception bar image as the malicious phishing site.

In summation, advances in machine learning—especially deep learning applications—will soon neutralize attacks of the nature Fisher describes in the inception bar proof of concept, as well as working to undermine other forms of browser-borne phishing, social engineering, and drive-by attacks.