TY - GEN
T1 - Generating Optimal Attack Paths in Generative Adversarial Phishing
AU - Al-Qurashi, Rayah
AU - Aleroud, Ahmed
AU - Saifan, Ahmad A.
AU - Alsmadi, Mohammad
AU - Alsmadi, Izzat
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Phishing attacks have witnessed a rapid increase thanks to the matured social engineering techniques, COVID-19 pandemic, and recently adversarial deep learning techniques. Even though adversarial phishing attacks are recent, attackers are crafting such attacks by considering context, testing different attack paths, then selecting paths that can evade machine learning phishing detectors. This research proposes an approach that generates adversarial phishing attacks by finding optimal subsets of features that lead to higher evasion rate. We used feature engineering techniques such as Recursive Feature Elimination, Lasso, and Cancel Out to generate then test attack vectors that have higher potential to evade phishing detectors. We tested the evasion performance of each technique then classified different evasion tests as passed or failed depending on their evasion rate. Our findings showed that our threat model has better evasion capability compared to the original Generative Adversarial Deep Neural Network (GAN) which perturbs features in a random manner.
AB - Phishing attacks have witnessed a rapid increase thanks to the matured social engineering techniques, COVID-19 pandemic, and recently adversarial deep learning techniques. Even though adversarial phishing attacks are recent, attackers are crafting such attacks by considering context, testing different attack paths, then selecting paths that can evade machine learning phishing detectors. This research proposes an approach that generates adversarial phishing attacks by finding optimal subsets of features that lead to higher evasion rate. We used feature engineering techniques such as Recursive Feature Elimination, Lasso, and Cancel Out to generate then test attack vectors that have higher potential to evade phishing detectors. We tested the evasion performance of each technique then classified different evasion tests as passed or failed depending on their evasion rate. Our findings showed that our threat model has better evasion capability compared to the original Generative Adversarial Deep Neural Network (GAN) which perturbs features in a random manner.
KW - URL
KW - adversarial deep learning
KW - features
KW - machine learning
KW - phishing
KW - social engineering
UR - http://www.scopus.com/inward/record.url?scp=85123494635&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85123494635&partnerID=8YFLogxK
U2 - 10.1109/ISI53945.2021.9624751
DO - 10.1109/ISI53945.2021.9624751
M3 - Conference contribution
AN - SCOPUS:85123494635
T3 - Proceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021
BT - Proceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 19th Annual IEEE International Conference on Intelligence and Security Informatics, ISI 2021
Y2 - 2 November 2021 through 3 November 2021
ER -