ShanghaiTech University Knowledge Management System
| Advanced evasion attacks and mitigations on practical ML-based phishing website classifiers | |
| 2021-09 | |
| Source Publication | INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS
 |
| ISSN | 0884-8173 |
| EISSN | 1098-111X |
| Volume | 36Issue:9Pages:5210-5240 |
| DOI | 10.1002/int.22510 |
| Abstract | Machine learning (ML) based classifiers are vulnerable to evasion attacks, as shown by recent attacks. However, there is a lack of systematic study of evasion attacks on ML-based anti-phishing detection. In this study, we show that evasion attacks are not only effective on practical ML-based classifiers, but can also be efficiently launched without destructing the functionalities and appearance. For this purpose, we propose three mutation-based attacks, differing in the knowledge of the target classifier, addressing a key technical challenge: automatically crafting an adversarial sample from a known phishing website in a way that can mislead classifiers. To launch attacks in the white- and gray-box scenarios, we also propose a sample-based collision attack to gain the knowledge of the target classifier. We demonstrate the efficacy of our evasion attacks on the state-of-the-art, Google's phishing page filter, achieved 100% attack success rate in less than one second per website. Moreover, the transferability attack on BitDefender's industrial phishing page classifier, TrafficLight, achieved up to 81.25% attack success rate. We further propose a similarity-based method to mitigate such evasion attacks, Pelican, which compares the similarity of an unknown website with recently detected phishing websites. We demonstrate that Pelican can effectively detect evasion attacks, hence could be integrated into ML-based classifiers. We also highlight two strategies of classification rule selection to enhance the robustness of classifiers. Our findings contribute to design more robust phishing website classifiers in practice. |
| Keyword | adversarial attacks adversarial sample detection machine learning mutation phishing website |
| URL | 查看原文 |
| Indexed By | SCIE ; EI |
| Language | 英语 |
| WOS Research Area | Computer Science |
| WOS Subject | Computer Science, Artificial Intelligence |
| WOS ID | WOS:000661142100001 |
| Publisher | WILEY |
| Original Document Type | Article; Early Access |
| Citation statistics | |
| Document Type | 期刊论文 |
| Identifier | https://kms.shanghaitech.edu.cn/handle/2MSLDSTB/127570 |
| Collection | 信息科学与技术学院_PI研究组_宋富组 |
| Corresponding Author | Song, Fu |
| Affiliation | 1.ShanghaiTech Univ, Sch Informat Sci & Technol, 393 Huaxia Middle Rd, Shanghai 201210, Pudong, Peoples R China; 2.Tianjin Univ, Sch Cybersecur, Coll Intelligence & Comp, Tianjin, Peoples R China; 3.Nankai Univ, Coll Cyber Sci, Tianjin, Peoples R China; 4.Nanyang Technol Univ, Sch Comp Sci & Engn, Singapore, Singapore |
| First Author Affilication | School of Information Science and Technology |
| Corresponding Author Affilication | School of Information Science and Technology |
| First Signature Affilication | School of Information Science and Technology |
| Recommended Citation GB/T 7714 | Song, Fu,Lei, Yusi,Chen, Sen,et al. Advanced evasion attacks and mitigations on practical ML-based phishing website classifiers[J]. INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS,2021,36(9):5210-5240. |
| APA | Song, Fu,Lei, Yusi,Chen, Sen,Fan, Lingling,&Liu, Yang.(2021).Advanced evasion attacks and mitigations on practical ML-based phishing website classifiers.INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS,36(9),5210-5240. |
| MLA | Song, Fu,et al."Advanced evasion attacks and mitigations on practical ML-based phishing website classifiers".INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS 36.9(2021):5210-5240. |
| Files in This Item: | Download All | |||||
| File Name/Size | DocType | Version | Access | License | ||
Edit Comment
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.