Generating Optimal Attack Paths in Generative Adversarial Phishing

Rayah Al-Qurashi, Ahmed Aleroud, Ahmad A. Saifan, Mohammad Alsmadi, Izzat Alsmadi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

Phishing attacks have witnessed a rapid increase thanks to the matured social engineering techniques, COVID-19 pandemic, and recently adversarial deep learning techniques. Even though adversarial phishing attacks are recent, attackers are crafting such attacks by considering context, testing different attack paths, then selecting paths that can evade machine learning phishing detectors. This research proposes an approach that generates adversarial phishing attacks by finding optimal subsets of features that lead to higher evasion rate. We used feature engineering techniques such as Recursive Feature Elimination, Lasso, and Cancel Out to generate then test attack vectors that have higher potential to evade phishing detectors. We tested the evasion performance of each technique then classified different evasion tests as passed or failed depending on their evasion rate. Our findings showed that our threat model has better evasion capability compared to the original Generative Adversarial Deep Neural Network (GAN) which perturbs features in a random manner.

Original languageEnglish (US)
Title of host publicationProceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781665438384
DOIs
StatePublished - 2021
Event19th Annual IEEE International Conference on Intelligence and Security Informatics, ISI 2021 - Virtual, Online, United States
Duration: Nov 2 2021Nov 3 2021

Publication series

NameProceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021

Conference

Conference19th Annual IEEE International Conference on Intelligence and Security Informatics, ISI 2021
Country/TerritoryUnited States
CityVirtual, Online
Period11/2/2111/3/21

Keywords

  • URL
  • adversarial deep learning
  • features
  • machine learning
  • phishing
  • social engineering

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Generating Optimal Attack Paths in Generative Adversarial Phishing'. Together they form a unique fingerprint.

Cite this