Phishing URL Detection: A Network-based Approach Robust to Evasion
- URL: http://arxiv.org/abs/2209.01454v1
- Date: Sat, 3 Sep 2022 16:09:05 GMT
- Title: Phishing URL Detection: A Network-based Approach Robust to Evasion
- Authors: Taeri Kim, Noseong Park, Jiwon Hong, Sang-Wook Kim
- Abstract summary: We present a network-based inference method to accurately detect phishing URLs camouflaged with legitimate patterns.
Our method consistently shows better detection performance throughout various experimental tests than state-of-the-art methods.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Many cyberattacks start with disseminating phishing URLs. When clicking these
phishing URLs, the victim's private information is leaked to the attacker.
There have been proposed several machine learning methods to detect phishing
URLs. However, it still remains under-explored to detect phishing URLs with
evasion, i.e., phishing URLs that pretend to be benign by manipulating
patterns. In many cases, the attacker i) reuses prepared phishing web pages
because making a completely brand-new set costs non-trivial expenses, ii)
prefers hosting companies that do not require private information and are
cheaper than others, iii) prefers shared hosting for cost efficiency, and iv)
sometimes uses benign domains, IP addresses, and URL string patterns to evade
existing detection methods. Inspired by those behavioral characteristics, we
present a network-based inference method to accurately detect phishing URLs
camouflaged with legitimate patterns, i.e., robust to evasion. In the network
approach, a phishing URL will be still identified as phishy even after evasion
unless a majority of its neighbors in the network are evaded at the same time.
Our method consistently shows better detection performance throughout various
experimental tests than state-of-the-art methods, e.g., F-1 of 0.89 for our
method vs. 0.84 for the best feature-based method.
Related papers
- AdvQDet: Detecting Query-Based Adversarial Attacks with Adversarial Contrastive Prompt Tuning [93.77763753231338]
Adversarial Contrastive Prompt Tuning (ACPT) is proposed to fine-tune the CLIP image encoder to extract similar embeddings for any two intermediate adversarial queries.
We show that ACPT can detect 7 state-of-the-art query-based attacks with $>99\%$ detection rate within 5 shots.
We also show that ACPT is robust to 3 types of adaptive attacks.
arXiv Detail & Related papers (2024-08-04T09:53:50Z)
- "Do Users fall for Real Adversarial Phishing?" Investigating the Human response to Evasive Webpages [7.779975012737389]
State-of-the-art solutions entail the application of machine learning to detect phishing websites by checking if they visually resemble webpages of well-known brands.
Some security companies began to deploy them also in their phishing detection systems (PDS).
In this paper, we scrutinize whether 'genuine phishing websites' that evade 'commercial ML-based PDS' represent a problem "in reality".
arXiv Detail & Related papers (2023-11-28T00:08:48Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z)
- FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases [50.065022493142116]
Trojan attack on deep neural networks, also known as backdoor attack, is a typical threat to artificial intelligence.
FreeEagle is the first data-free backdoor detection method that can effectively detect complex backdoor attacks.
arXiv Detail & Related papers (2023-02-28T11:31:29Z)
- Towards Web Phishing Detection Limitations and Mitigation [21.738240693843295]
We show how phishing sites bypass Machine Learning-based detection.
Experiments with 100K phishing/benign sites show promising accuracy (98.8%).
We propose Anti-SubtlePhish, a more resilient model based on logistic regression.
arXiv Detail & Related papers (2022-04-03T04:26:04Z)
- PhishMatch: A Layered Approach for Effective Detection of Phishing URLs [8.658596218544774]
We present a layered anti-phishing defense, PhishMatch, which is robust, accurate, inexpensive, and client-side.
A prototype plugin of PhishMatch, developed for the Chrome browser, was found to be fast and lightweight.
arXiv Detail & Related papers (2021-12-04T03:21:29Z)
- Detecting Phishing Sites -- An Overview [0.0]
Phishing is one of the most severe cyber-attacks where researchers are interested to find a solution.
To minimize the damage caused by phishing, it must be detected as early as possible.
There are various phishing detection techniques based on white-list, black-list, content-based, URL-based, visual-similarity and machine-learning.
arXiv Detail & Related papers (2021-03-23T19:16:03Z)
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z)
- Phishing Detection Using Machine Learning Techniques [0.0]
Phishers try to deceive their victims by social engineering or creating mock-up websites to steal information.
One of the most successful methods for detecting these malicious activities is Machine Learning.
In this paper, we compared the results of multiple machine learning methods for predicting phishing websites.
arXiv Detail & Related papers (2020-09-20T11:52:52Z)
- Cassandra: Detecting Trojaned Networks from Adversarial Perturbations [92.43879594465422]
In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models.
We propose a method to verify if a pre-trained model is Trojaned or benign.
Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
arXiv Detail & Related papers (2020-07-28T19:00:40Z)
- Phishing and Spear Phishing: examples in Cyber Espionage and techniques to protect against them [91.3755431537592]
Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards.
This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome.
arXiv Detail & Related papers (2020-05-31T18:10:09Z)
This list is automatically generated from the titles and abstracts of the papers in this site.