Generating Optimal Attack Paths in Generative Adversarial Phishing

Rayah Al-Qurashi, Ahmed Aleroud, Ahmad A. Saifan, Mohammad Alsmadi, Izzat Alsmadi

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Phishing attacks have witnessed a rapid increase thanks to the matured social engineering techniques, COVID-19 pandemic, and recently adversarial deep learning techniques. Even though adversarial phishing attacks are recent, attackers are crafting such attacks by considering context, testing different attack paths, then selecting paths that can evade machine learning phishing detectors. This research proposes an approach that generates adversarial phishing attacks by finding optimal subsets of features that lead to higher evasion rate. We used feature engineering techniques such as Recursive Feature Elimination, Lasso, and Cancel Out to generate then test attack vectors that have higher potential to evade phishing detectors. We tested the evasion performance of each technique then classified different evasion tests as passed or failed depending on their evasion rate. Our findings showed that our threat model has better evasion capability compared to the original Generative Adversarial Deep Neural Network (GAN) which perturbs features in a random manner.

    Original languageEnglish (US)
    Title of host publicationProceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    ISBN (Electronic)9781665438384
    DOIs
    StatePublished - 2021
    Event19th Annual IEEE International Conference on Intelligence and Security Informatics, ISI 2021 - Virtual, Online, United States
    Duration: Nov 2 2021Nov 3 2021

    Publication series

    NameProceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021

    Conference

    Conference19th Annual IEEE International Conference on Intelligence and Security Informatics, ISI 2021
    Country/TerritoryUnited States
    CityVirtual, Online
    Period11/2/2111/3/21

    Keywords

    • URL
    • adversarial deep learning
    • features
    • machine learning
    • phishing
    • social engineering

    ASJC Scopus subject areas

    • Artificial Intelligence
    • Computer Networks and Communications
    • Information Systems
    • Information Systems and Management
    • Safety, Risk, Reliability and Quality

    Fingerprint

    Dive into the research topics of 'Generating Optimal Attack Paths in Generative Adversarial Phishing'. Together they form a unique fingerprint.

    Cite this