Authors: Ying Yuan, Qingying Hao, Giovanni Apruzzese, Mauro Conti, Gang Wang
Published on: April 03, 2024
Impact Score: 7.4
Arxiv code: Arxiv:2404.02832
Summary
- What is new: This research uniquely explores how human users perceive adversarial phishing webpages, contrasting with previous studies that mainly focused on the effectiveness of these pages against machine learning-based phishing website detectors (ML-PWD).
- Why this is important: Phishing attacks continue to evolve, with adversarial phishing webpages designed specifically to bypass ML-based detectors. The effectiveness of such webpages on the actual targets – the end users – has not been thoroughly investigated.
- What the research proposes: The study conducted two user studies with 470 participants to evaluate the perception of both synthetic and real adversarial phishing webpages, which were designed to evade state-of-the-art ML-PWDs.
- Results: Most adversarial phishing webpages are just as effective at deceiving users as traditional phishing pages. However, certain types of perturbations, like added typos, are more likely to be noticed by users. Additionally, users who frequently visit a brand’s website are more likely to be overconfident and thus less accurate in detecting phishing attempts.
Technical Details
Technological frameworks used: nan
Models used: State-of-the-art machine learning-based phishing website detectors (ML-PWD)
Data used: Synthetically crafted adversarial phishing webpages and real adversarial phishing webpages from the wild web
Potential Impact
Cybersecurity firms and businesses that rely on online transactions could benefit from these insights by refining their anti-phishing solutions and user education programs.
Want to implement this idea in a business?
We have generated a startup concept here: PhishGuardAI.
Leave a Reply