Adversarial Sampling Attacks Against Phishing Detection

Shirazi, Hossein; Bezawada, Bruhadeshwar; Ray, Indrakshi; Anderson, Charles W.

doi:10.1007/978-3-030-22479-0_5

Cited by 26 publications

(19 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this approach, initial network configuration and description of exploits serve as input for the minimal attack graph generation. Shirazi et al [18] present an approach for modeling attack-graph generation and analysis problems as a planning problem. They present a tool called AGBuilder that generates attack graphs using the Planning Domain Definition Language (PDDL) from extracted vulnerability information.…”

Section: Attack Graph Generation Approachesmentioning

confidence: 99%

Ontology-based Attack Graph Enrichment

Saint-Hilaire¹,

Cuppens²,

Cuppens³

et al. 2022

Preprint

View full text Add to dashboard Cite

Attack graphs provide a representation of possible actions that adversaries can perpetrate to attack a system. They are used by cybersecurity experts to make decisions, e.g., to decide remediation and recovery plans. Different approaches can be used to build such graphs. We focus on logical attack graphs, based on predicate logic, to define the causality of adversarial actions. Since networks and vulnerabilities are constantly changing (e.g., new applications get installed on system devices, updated services get publicly exposed, etc.), we propose to enrich the attack graph generation approach with a semantic augmentation post-processing of the predicates. Graphs are now mapped to monitoring alerts confirming successful attack actions and updated according to network and vulnerability changes. As a result, predicates get periodically updated, based on attack evidences and ontology enrichment. This allows to verify whether changes lead the attacker to the initial goals or to cause further damage to the system not anticipated in the initial graphs. We illustrate the approach under the specific domain of cyber-physical security affecting smart cities. We validate the approach using existing tools and ontologies.

show abstract

Section: Attack Graph Generation Approachesmentioning

confidence: 99%

Ontology-based Attack Graph Enrichment

Saint-Hilaire¹,

Cuppens²,

Cuppens³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Recently a number of authors have proposed and developed adversarial evasion attacks against phishing detection models. Shirazi et al propose an adversarial random sampling attack [46]. They use publicly available datasets where every feature is binned to either -1, 0 or 1; where -1 is a legitimate instance, 0 is suspicious and 1 indicates phishing.…”

Section: Related Workmentioning

confidence: 99%

Feature Importance Guided Attack: A Model Agnostic Adversarial Attack

Gressel¹,

Hegde²,

Sreekumar³

et al. 2021

Preprint

View full text Add to dashboard Cite

Machine learning models are susceptible to adversarial attacks which dramatically reduce their performance. Reliable defenses to these attacks are an unsolved challenge [11]. In this work we present a novel evasion attack: the 'Feature Importance Guided Attack' (FIGA) which generates adversarial evasion samples. FIGA is model agnostic, it assumes no prior knowledge of the defending model's learning algorithm, but does assume knowledge of the feature representation. FIGA leverages feature importance rankings; it perturbs the most important features of the input in the direction of the target class we wish to mimic. We demonstrate FIGA against eight phishing detection models. We keep the attack realistic by perturbing phishing website features that an adversary would have control over. Using FIGA we are able to cause a a reduction in the F1-score of a phishing detection model from 0.96 to 0.41 on average. Finally, we implement adversarial training as a defense against FIGA and show that while it is sometimes effective, it can be evaded by changing the parameters of FIGA.

show abstract

“…We believe that proposing new techniques to synthesize phishing attempts is quite significant in creating a defensive mechanism that can prevent zero-day phishing attempts. While there are approaches that apply GAN for generating adversarial phishing examples [14], to the best of our knowledge, this is the first work that synthesizes URL adversarial phishing examples in order to evade sophisticated phishing detection techniques, which rely on semantic relationships between the components of URLs. Vector Machines, Naïve Bayes, and k-Nearest Neighbor.…”

Section: Introductionmentioning

confidence: 99%

“…Adversarial models have been recently used to evade machine learning classifiers. GAN has been used in intrusion detection [12], malware detection [9], and spam detection [31], and phishing [14].…”

Section: Introductionmentioning

confidence: 99%

Bypassing Detection of URL-based Phishing Attacks Using Generative Adversarial Deep Neural Networks

Aleroud

Karabatis

2020

Proceedings of the Sixth International Workshop on Security and Privacy Analytics

View full text Add to dashboard Cite

The URL components of web addresses are frequently used in creating phishing detection techniques. Typically, machine learning techniques are widely used to identify anomalous patterns in URLs as signs of possible phishing. However, adversaries may have enough knowledge and motivation to bypass URL classification algorithms by creating examples that evade classification algorithms. This paper proposes an approach that generates URL-based phishing examples using Generative Adversarial Networks. The created examples can fool Blackbox phishing detectors even when those detectors are created using sophisticated approaches such as those relying on intra-URL similarities. These created instances are used to deceive Blackbox machine learning-based phishing detection models. We tested our approach using actual phishing datasets. The results show that GAN networks are very effective in creating adversarial phishing examples that can fool both simple and sophisticated machine learning phishing detection models.

show abstract

Adversarial Sampling Attacks Against Phishing Detection

Cited by 26 publications

References 19 publications

Ontology-based Attack Graph Enrichment

Ontology-based Attack Graph Enrichment

Feature Importance Guided Attack: A Model Agnostic Adversarial Attack

Bypassing Detection of URL-based Phishing Attacks Using Generative Adversarial Deep Neural Networks

Contact Info

Product

Resources

About