The School of Computing (SoC) in the National University of Singapore (NUS) conducts an annual competition among its students. The SoC Innovation Prize is awarded for the best student projects which demonstrate a significant degree of innovation and high potential socio-economic impact.
For the second time, SGTech is honoured to partner with the NUS SoC to be the title sponsor for the SoC Innovation Prize 2021’s Individual Category.
The winner of the SGTech-SoC Prize is Mr Chan Qing Zhou. We interviewed him to find out more about his winning entry and his aspirations after winning.
I recently graduated from National University of Singapore with a degree in Computer Science. I am also a part-time canoeing coach at National Junior College.
My solution PhishIntention is a phishing detection solution that automatically crawls the web to blacklist phishing sites.
To accurately identify phishing sites, we use a combination of computer vision techniques to interact with the site. By analysing the behaviour of the site, we are able to determine its intention and thus, accurately label it as benign or phishing. We can block phishing sites as soon as they are registered compared to most existing solutions that rely on user reports.
I was looking at existing solutions that automatically labelled phishing sites and I found that many of them falsely label benign sites as phishing.
This is because many existing solutions simply relied on the appearance of the website, rather than the intention of the website. For instance, we found that it is a common practice for companies to set up their own private mail servers and they resemble legitimate mail sites. By relying on appearance alone, this may actually result in these sites being falsely labelled as phishing.
I have also taken a deeper look at phishing sites, and found that many of them exhibited similar suspicious behaviour that can be used to identify them as phishing sites. One example is that the site will redirect you to the legitimate site after you enter your credentials. We believe that this is done by the phishers so that the victim will be unaware they have been phished.
Besides solving the issue of false labelling benign sites as phishing, our solution also benefits the users by identify phishing sites quickly. Since our solution is not reliant on user reports, we are able to blacklist sites as soon as they are deployed. This removes the window of opportunity where phishing sites are most effective, namely when they have yet to be blacklisted by various service providers.
I am honoured that PhishIntention has been won this prize. I believe that this is a big step forward and will allow us to take PhishIntention live, protecting users from potential phishing scams.