Adversarial Sampling Attacks Against Phishing Detection - Data and Applications Security and Privacy XXXIII
Conference Paper, Year: 2019


Hossein Shirazi
Bruhadeshwar Bezawada
Indrakshi Ray
Charles Anderson


Phishing websites trick users into believing that they are interacting with a legitimate website and thereby capture sensitive information, such as user names, passwords, credit card numbers, and other personal data. Machine learning appears to be a promising technique for distinguishing phishing websites from legitimate ones. However, machine learning approaches are susceptible to adversarial learning techniques, which attempt to degrade the accuracy of a trained classifier model. In this work, we investigate the robustness of machine-learning-based phishing detection in the face of adversarial learning techniques. We propose a simple but effective approach that simulates attacks by generating adversarial samples through direct feature manipulation. We assume that the attacker has limited knowledge of the features, the learning models, and the datasets used for training. We conducted experiments on four publicly available datasets. Our experiments reveal that the phishing detection mechanisms are vulnerable to adversarial learning techniques. Specifically, the identification rate for phishing websites dropped to 70% when a single feature was manipulated, and to zero percent when four features were manipulated. This means that any phishing sample that would have been detected correctly by a classifier model can bypass the classifier by changing at most four feature values: a small effort for an attacker in exchange for a large reward. We define the concept of a vulnerability level for each dataset, which measures the number of features that can be manipulated and the cost of each manipulation. Such a metric allows us to compare multiple defense models.
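The single-feature manipulation attack described in the abstract can be sketched as follows. This is a hypothetical illustration on synthetic data, not the authors' experimental setup: the classifier choice, the binary feature layout, and the label rule are all assumptions made for the sketch. It trains a classifier, then flips one feature at a time on each correctly detected phishing sample and counts how many samples now evade detection.

```python
# Hypothetical sketch of a direct feature-manipulation attack on a
# phishing classifier (synthetic data; not the paper's actual datasets).
import numpy as np
from sklearn.ensemble import RandomForestClassifier

rng = np.random.default_rng(0)
n, d = 1000, 10                      # assumed sample count and feature count
X = rng.integers(0, 2, size=(n, d))  # binary website features (synthetic)
# Synthetic ground truth: label depends mostly on the first three features.
y = (X[:, :3].sum(axis=1) >= 2).astype(int)   # 1 = phishing, 0 = legitimate

clf = RandomForestClassifier(random_state=0).fit(X, y)

# Phishing samples the classifier currently detects correctly.
phish = X[(y == 1) & (clf.predict(X) == 1)]

evaded = 0
for x in phish:
    for j in range(d):               # try flipping each single feature value
        x_adv = x.copy()
        x_adv[j] ^= 1
        if clf.predict(x_adv.reshape(1, -1))[0] == 0:
            evaded += 1              # one flipped feature evades detection
            break

print(f"evasion rate with one manipulated feature: {evaded / len(phish):.2f}")
```

In the paper's threat model the attacker cannot flip arbitrary features for free; each manipulation carries a cost, which is what the proposed vulnerability-level metric accounts for.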
Main file: 480962_1_En_5_Chapter.pdf (1.14 MB). Origin: Files produced by the author(s)

Dates and versions

hal-02384598, version 1 (28-11-2019)

Hossein Shirazi, Bruhadeshwar Bezawada, Indrakshi Ray, Charles Anderson. Adversarial Sampling Attacks Against Phishing Detection. 33rd IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2019, Charleston, SC, United States. pp.83-101, ⟨10.1007/978-3-030-22479-0_5⟩. ⟨hal-02384598⟩