Abstract:
QR Code is a technology adopted worldwide due to its various applications and ease
of use. This technology is now emerging as a widely used attack vector in various
cyberattacks, highlighting the need for detection mechanisms for malicious QR Codes.
Although work has been done in the domain of QR Code security the focus of previous
research was only detection of QR Codes encoded with malicious URLs, but QR Codes
can be used to encode any textual data including malicious scripts, which can target
the scanning feature of QR Scanners to exploit the vulnerabilities in the application.
In this paper, we present a novel dataset of QR Codes embedded with malicious scripts
as well as malicious URLs, making it the first of its kind. The dataset has two balanced
classes i.e., Malicious QR Codes and Benign QR Codes. The important feature of this
dataset is that the data used to encode QR Codes is gathered from already published
datasets. The proposed scheme employed deep learning algorithms, i.e., custom-built
three-layer CNN, custom-built five-layer CNN, ResNet50, and MobileNetV2 for imagebased
detection of QR Codes. Out of these models, MobileNetV2 performed the best
accuracy-wise with an accuracy of 89.93%.
