Bypassing detection of URL-based phishing attacks using generative adversarial deep neural networks

Ahmed AlEroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

48 Scopus citations

Abstract

The URL components of web addresses are frequently used in creating phishing detection techniques. Typically, machine learning techniques are widely used to identify anomalous patterns in URLs as signs of possible phishing. However, adversaries may have enough knowledge and motivation to bypass URL classification algorithms by creating examples that evade classification algorithms. This paper proposes an approach that generates URL-based phishing examples using Generative Adversarial Networks. The created examples can fool Blackbox phishing detectors even when those detectors are created using sophisticated approaches such as those relying on intra-URL similarities. These created instances are used to deceive Blackbox machine learning-based phishing detection models. We tested our approach using actual phishing datasets. The results show that GAN networks are very effective in creating adversarial phishing examples that can fool both simple and sophisticated machine learning phishing detection models.

Original languageEnglish (US)
Title of host publicationIWSPA 2020 - Proceedings of the 6th International Workshop on Security and Privacy Analytics
PublisherAssociation for Computing Machinery, Inc
Pages53-60
Number of pages8
ISBN (Electronic)9781450371155
DOIs
StatePublished - Mar 16 2020
Externally publishedYes
Event6th ACM International Workshop on Security and Privacy Analytics, IWSPA 2020 - New Orleans, United States
Duration: Mar 18 2020 → …

Publication series

NameIWSPA 2020 - Proceedings of the 6th International Workshop on Security and Privacy Analytics

Conference

Conference6th ACM International Workshop on Security and Privacy Analytics, IWSPA 2020
Country/TerritoryUnited States
CityNew Orleans
Period3/18/20 → …

Keywords

  • Deep Learning
  • Generative Adversarial Networks
  • Phishing
  • URL classification

ASJC Scopus subject areas

  • Computer Science Applications
  • Software

Fingerprint

Dive into the research topics of 'Bypassing detection of URL-based phishing attacks using generative adversarial deep neural networks'. Together they form a unique fingerprint.

Cite this