Mitigating Adversarial Gray-Box Attacks Against Phishing Detectors

Although machine learning based algorithms have been extensively used for detecting phishing websites, there has been relatively little work on how adversaries may attack such "phishing detectors" (PDs for short). In this paper, we propose a set of Gray-Box attacks on PDs that an adversary...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on dependable and secure computing Vol. 20; no. 5; pp. 1 - 19
Main Authors Apruzzese, Giovanni, Subrahmanian, V. S.
Format Journal Article
LanguageEnglish
Published Washington IEEE 01.09.2023
IEEE Computer Society
Subjects
Adversarial attacks
Algorithms
cybersecurity
Detectors
Feature extraction
Machine learning
Machine learning algorithms
Performance prediction
Phishing
phishing detection
Robustness
Online AccessGet full text

Cover

More Information
Summary:Although machine learning based algorithms have been extensively used for detecting phishing websites, there has been relatively little work on how adversaries may attack such "phishing detectors" (PDs for short). In this paper, we propose a set of Gray-Box attacks on PDs that an adversary may use which vary depending on the knowledge that he has about the PD. We show that these attacks severely degrade the effectiveness of several existing PDs. We then propose the concept of operation chains that iteratively map an original set of features to a new set of features and develop the "Protective Operation Chain" ( <inline-formula><tex-math>{\sf POC}</tex-math></inline-formula> for short) algorithm. <inline-formula><tex-math>{\sf POC}</tex-math></inline-formula> leverages the combination of random feature selection and feature mappings in order to increase the attacker's uncertainty about the target PD. Using 3 existing publicly available datasets plus a fourth that we have created and will release upon the publication of this paper,<xref ref-type="fn" rid="fn1"> 1 1. After consultation with the editor in chief, we provide a sample of our dataset for the referees. we show that <inline-formula><tex-math>{\sf POC}</tex-math></inline-formula> is more robust to these attacks than past competing work, while preserving predictive performance when no adversarial attacks are present. Moreover, <inline-formula><tex-math>{\sf POC}</tex-math></inline-formula> is robust to attacks on 13 different classifiers, not just one. These results are shown to be statistically significant at the <inline-formula><tex-math notation="LaTeX">p < 0.001</tex-math></inline-formula> level.
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2022.3210029