SpacePhish: The Evasion-space of Adversarial Attacks against Phishing Website Detectors using Machine Learning (2022-10-24T00:00:00.000000Z)

TL;DR

A realistic threat model describing evasion attacks against ML-PWD that are cheap to stage, and hence intrinsically more attractive for real phishers is proposed, and paves the way for a much needed re-assessment of adversarial attacks againstML systems for cybersecurity.

Abstract

Existing literature on adversarial Machine Learning (ML) focuses either on showing attacks that break every ML model, or defenses that withstand most attacks. Unfortunately, little consideration is given to the actual cost of the attack or the defense. Moreover, adversarial samples are often crafted in the “feature-space”, making the corresponding evaluations of questionable value. Simply put, the current situation does not allow to estimate the actual threat posed by adversarial attacks, leading to a lack of secure ML systems. We aim to clarify such confusion in this paper. By considering the application of ML for Phishing Website Detection (PWD), we formalize the “evasion-space” in which an adversarial perturbation can be introduced to fool a ML-PWD—demonstrating that even perturbations in the “feature-space” are useful. Then, we propose a realistic threat model describing evasion attacks against ML-PWD that are cheap to stage, and hence intrinsically more attractive for real phishers. Finally, we perform the first statistically validated assessment of state-of-the-art ML-PWD against 12 evasion attacks. Our evaluation shows (i) the true efficacy of evasion attempts that are more likely to occur; and (ii) the impact of perturbations crafted in different evasion-spaces. Our realistic evasion attempts induce a statistically significant degradation (3–10% at p < 0.05), and their cheap cost makes them a subtle threat. Notably, however, some ML-PWD are immune to our most realistic attacks (p=0.22). Our contribution paves the way for a much needed re-assessment of adversarial attacks against ML systems for cybersecurity.

Authors

References102 items

The Role of Machine Learning in Cybersecurity

SAFER: Social Capital-Based Friend Recommendation to Defend against Phishing Attacks

SoK: The Impact of Unlabelled Data in Cyberthreat Detection

CrawlPhish: Large-Scale Analysis of Client-Side Cloaking Techniques in Phishing

PWDGAN: Generating Adversarial Malicious URL Examples for Deceiving Black-Box Phishing Website Detector using GANs

Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits

Generating Optimal Attack Paths in Generative Adversarial Phishing

Black-box Adversarial Attacks on Commercial Speech Platforms with Minimal Information

“I Never Thought About Securing My Machine Learning Systems”: A Study of Security and Privacy Awareness of Machine Learning Practitioners

Generative Adverserial Analysis of Phishing Attacks on Static and Dynamic Content of Webpages

A Hard Label Black-box Adversarial Attack Against Graph Neural Networks

A Survey of Machine Learning-Based Solutions for Phishing Website Detection

Combining Text and Visual Features to Improve the Identification of Cloned Webpages for Early Phishing Detection

Feature Importance Guided Attack: A Model Agnostic Adversarial Attack

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

Towards Lightweight URL-Based Phishing Detection

Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem

Poisoning the Unlabeled Dataset of Semi-Supervised Learning

A novel approach for phishing URLs detection using lexical based machine learning in a real-time environment

Practical No-box Adversarial Attacks against DNNs

Almost Tight L0-norm Certified Robustness of Top-k Predictions against Adversarial Perturbations

VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity

Towards Benchmark Datasets for Machine Learning Based Website Phishing Detection: An experimental study

Development of anti-phishing browser based on random forest and rule of extraction framework

Accurate and fast URL phishing detector: A convolutional neural network approach

Towards Adversarial Phishing Detection

A Feature Selection Comparative Study for Web Phishing Datasets

AdvMind: Inferring Adversary Intent of Black-Box Attacks

An Evasion Attack against ML-based Phishing URL Detectors

Blind Backdoors in Deep Learning Models

Advanced evasion attacks and mitigations on practical ML‐based phishing website classifiers

Bypassing Detection of URL-based Phishing Attacks Using Generative Adversarial Deep Neural Networks

Adversarial Machine Learning-Industry Perspectives

Intriguing Properties of Adversarial ML Attacks in the Problem Space

Detecting and Characterizing Lateral Phishing at Scale

Adversarial Sampling Attacks Against Phishing Detection

A Novel Visual Similarity-based Phishing Detection Scheme using Hue Information with Auto Updating Database

Doppelgängers on the Dark Web: A Large-scale Assessment on Phishing Hidden Web Services

Addressing Adversarial Attacks Against Security Systems Based on Machine Learning

On the Top Threats to Cyber Systems

Malware Detection Using Machine Learning and Deep Learning

Embedding Training Within Warnings Improves Skills of Identifying Phishing Webpages

AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning

PhishMon: A Machine Learning Framework for Detecting Phishing Webpages

Evading Botnet Detectors Based on Flows and Random Forest with Adversarial Samples

Needle in a Haystack: Tracking Down Elite Phishing Domains in the Wild

Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks

Towards Measuring the Role of Phone Numbers in Twitter-Advertised Spam

A machine learning based approach for phishing detection using hyperlinks information

SoK: Security and Privacy in Machine Learning

Server-Based Manipulation Attacks Against Machine Learning Models

Towards detection of phishing websites on client-side using machine learning based approach

Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning

One Pixel Attack for Fooling Deep Neural Networks

Adversarial Machine Learning in Malware Detection: Arms Race between Evasion Attack and Defense

Improving Robustness of ML Classifiers against Realizable Evasion Attacks Using Conserved Features

DeltaPhish: Detecting Phishing Webpages in Compromised Websites

Ensemble Adversarial Training: Attacks and Defenses

Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection

PhishWHO: Phishing webpage detection via identity keywords extraction and target domain name finder

Defensive Distillation is Not Robust to Adversarial Examples

EmailProfiler: Spearphishing Filtering with Header and Stylometric Features of Emails

Cracking Classifiers for Evasion: A Case Study on the Google's Phishing Pages Filter

AI^2: Training a Big Data Machine to Defend

Practical Black-Box Attacks against Machine Learning

Intelligent rule-based Phishing Websites Classification

Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks

Building better data protection with SIEM

Machine learning: Trends, perspectives, and prospects

On the Character of Phishing URLs: Accurate and Robust Statistical Learning Classifiers

Practical Evasion of a Learning-Based Classifier: A Case Study

Some Fundamental Cybersecurity Concepts

Malicious PDF detection using metadata and structural features

The economics of cybersecurity: Principles and policy options

PhishNet: Predictive Blacklisting to Detect Phishing Attacks

Protecting users against phishing attacks with AntiPhish

This paper is included in the Proceedings of the 31st USENIX Security Symposium.

Additional Comments on the “White Paper: On Artificial Intelligence - A European approach to excellence and trust”

All Adversarial Examples Papers

State of the Phish 2022

Machine Learning Security Evasion Competition

Stakeholder perspectives and requirements on cybersecurity in Europe

Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages

PhishPrint: Evading Phishing Detection Crawlers by Prior Profiling

Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations

S&T Artificial Intelligence and Machine Learning Strategic Plan . Technical Report

Detecting Spam in Twitter Microblogging Services: A Novel Machine Learning Approach based on Domain Popularity

Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale

Building Robust Phishing Detection System: an Empirical Analysis

PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists

Interet Crime Report . Technical Report

commission-white-paper-artificial-intelligence-feb2020_en.pdf [3] 2021. S&T Artificial Intelligence and Machine Learning Strategic Plan

Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning

Onevaluatingadversarialrobustness

DeepPhish : Simulating Malicious AI

Deep Learning

Going Spear Phishing: Exploring Embedded Training and Awareness

Machine Learning in the Age of Cyber AI A Review of Machine Learning Approaches for

they also require a few lines of code to implement. However, determining the exact thresholds requires a detailed intelligence gathering campaign (or many queries to reverseengineer the ML-PWD

100

For example, introducing a special 'backdoor' rule that "if a given URL is visited, then do not compute its length and return that the URL is short

101

All features in Table 1 are used by both the ML-PWD targeted in our pragmatic use-case (cf. §B), as well as by the ‘true baselines’ ML-PWD (i.e.

102

For this reason, in our evaluation we will put a greater emphasis on WA, because 'cheaper' attacks are more likely to occur in the wild: while WA can be associated with "horizontal phishing