RAIDER: Reinforcement-aided Spear Phishing Detector
- URL: http://arxiv.org/abs/2105.07582v1
- Date: Mon, 17 May 2021 02:42:54 GMT
- Title: RAIDER: Reinforcement-aided Spear Phishing Detector
- Authors: Keelan Evans, Alsharif Abuadbba, Mohiuddin Ahmed, Tingmin Wu, Mike
Johnstone, Surya Nepal
- Abstract summary: Spear Phishing is a harmful cyber-attack facing business and individuals worldwide.
ML-based solutions may suffer from zero-day attacks; unseen attacks unaccounted for in the training data.
We propose RAIDER: Reinforcement AIded Spear Phishing DEtectoR.
- Score: 13.341666826984554
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Spear Phishing is a harmful cyber-attack facing business and individuals
worldwide. Considerable research has been conducted recently into the use of
Machine Learning (ML) techniques to detect spear-phishing emails. ML-based
solutions may suffer from zero-day attacks; unseen attacks unaccounted for in
the training data. As new attacks emerge, classifiers trained on older data are
unable to detect these new varieties of attacks resulting in increasingly
inaccurate predictions. Spear Phishing detection also faces scalability
challenges due to the growth of the required features which is proportional to
the number of the senders within a receiver mailbox. This differs from
traditional phishing attacks which typically perform only a binary
classification between phishing and benign emails. Therefore, we devise a
possible solution to these problems, named RAIDER: Reinforcement AIded Spear
Phishing DEtectoR. A reinforcement-learning based feature evaluation system
that can automatically find the optimum features for detecting different types
of attacks. By leveraging a reward and penalty system, RAIDER allows for
autonomous features selection. RAIDER also keeps the number of features to a
minimum by selecting only the significant features to represent phishing emails
and detect spear-phishing attacks. After extensive evaluation of RAIDER over
11,000 emails and across 3 attack scenarios, our results suggest that using
reinforcement learning to automatically identify the significant features could
reduce the dimensions of the required features by 55% in comparison to existing
ML-based systems. It also improves the accuracy of detecting spoofing attacks
by 4% from 90% to 94%. In addition, RAIDER demonstrates reasonable detection
accuracy even against a sophisticated attack named Known Sender in which
spear-phishing emails greatly resemble those of the impersonated sender.
Related papers
- AdvQDet: Detecting Query-Based Adversarial Attacks with Adversarial Contrastive Prompt Tuning [93.77763753231338]
Adversarial Contrastive Prompt Tuning (ACPT) is proposed to fine-tune the CLIP image encoder to extract similar embeddings for any two intermediate adversarial queries.
We show that ACPT can detect 7 state-of-the-art query-based attacks with $>99%$ detection rate within 5 shots.
We also show that ACPT is robust to 3 types of adaptive attacks.
arXiv Detail & Related papers (2024-08-04T09:53:50Z) - ChatSpamDetector: Leveraging Large Language Models for Effective Phishing Email Detection [2.3999111269325266]
This study introduces ChatSpamDetector, a system that uses large language models (LLMs) to detect phishing emails.
By converting email data into a prompt suitable for LLM analysis, the system provides a highly accurate determination of whether an email is phishing or not.
We conducted an evaluation using a comprehensive phishing email dataset and compared our system to several LLMs and baseline systems.
arXiv Detail & Related papers (2024-02-28T06:28:15Z) - A new weighted ensemble model for phishing detection based on feature
selection [0.0]
Phishing website identification can assist visitors in avoiding becoming victims of these assaults.
We have proposed an ensemble model that combines multiple base models with a voting technique based on the weights.
arXiv Detail & Related papers (2022-12-15T23:15:36Z) - Profiler: Profile-Based Model to Detect Phishing Emails [15.109679047753355]
We propose a multidimensional risk assessment of emails to reduce the feasibility of an attacker adapting their email and avoiding detection.
We develop a risk assessment framework that includes three models which analyse an email's (1) threat level, (2) cognitive manipulation, and (3) email type.
Our Profiler can be used in conjunction with ML approaches, to reduce their misclassifications or as a labeller for large email data sets in the training stage.
arXiv Detail & Related papers (2022-08-18T10:01:55Z) - Illusory Attacks: Information-Theoretic Detectability Matters in Adversarial Attacks [76.35478518372692]
We introduce epsilon-illusory, a novel form of adversarial attack on sequential decision-makers.
Compared to existing attacks, we empirically find epsilon-illusory to be significantly harder to detect with automated methods.
Our findings suggest the need for better anomaly detectors, as well as effective hardware- and system-level defenses.
arXiv Detail & Related papers (2022-07-20T19:49:09Z) - Phishing Attacks Detection -- A Machine Learning-Based Approach [0.6445605125467573]
Phishing attacks are one of the most common social engineering attacks targeting users emails to fraudulently steal confidential and sensitive information.
In this paper, we proposed a phishing attack detection technique based on machine learning.
We collected and analyzed more than 4000 phishing emails targeting the email service of the University of North Dakota.
arXiv Detail & Related papers (2022-01-26T05:08:27Z) - How Robust are Randomized Smoothing based Defenses to Data Poisoning? [66.80663779176979]
We present a previously unrecognized threat to robust machine learning models that highlights the importance of training-data quality.
We propose a novel bilevel optimization-based data poisoning attack that degrades the robustness guarantees of certifiably robust classifiers.
Our attack is effective even when the victim trains the models from scratch using state-of-the-art robust training methods.
arXiv Detail & Related papers (2020-12-02T15:30:21Z) - Robust and Verifiable Information Embedding Attacks to Deep Neural
Networks via Error-Correcting Codes [81.85509264573948]
In the era of deep learning, a user often leverages a third-party machine learning tool to train a deep neural network (DNN) classifier.
In an information embedding attack, an attacker is the provider of a malicious third-party machine learning tool.
In this work, we aim to design information embedding attacks that are verifiable and robust against popular post-processing methods.
arXiv Detail & Related papers (2020-10-26T17:42:42Z) - RayS: A Ray Searching Method for Hard-label Adversarial Attack [99.72117609513589]
We present the Ray Searching attack (RayS), which greatly improves the hard-label attack effectiveness as well as efficiency.
RayS attack can also be used as a sanity check for possible "falsely robust" models.
arXiv Detail & Related papers (2020-06-23T07:01:50Z) - Phishing and Spear Phishing: examples in Cyber Espionage and techniques
to protect against them [91.3755431537592]
Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards.
This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome.
arXiv Detail & Related papers (2020-05-31T18:10:09Z) - Advanced Evasion Attacks and Mitigations on Practical ML-Based Phishing
Website Classifiers [12.760638960844249]
We show that evasion attacks can be launched on ML-based anti-phishing classifiers even in the grey-, and black-box scenarios.
We propose three mutation-based attacks, differing in the knowledge of the target classifier, addressing a key technical challenge.
We demonstrate the effectiveness and efficiency of our evasion attacks on the state-of-the-art, Google's phishing page filter, achieved 100% attack success rate in less than one second per website.
arXiv Detail & Related papers (2020-04-15T09:04:16Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.