Advanced evasion attacks and mitigations on practical ML?based phishing website classifiers

Machine learning (ML) based classifiers are vulnerable to evasion attacks, as shown by recent attacks. However, there is a lack of systematic study attacks on ML-based anti-phishing detection. In this study, we show that not only effective practical classifiers, but can also be efficiently launched without destructing the functionalities and appearance. For purpose, propose three mutation-based differing in knowledge target classifier, addressing key technical challenge: automatically crafting an adversarial sample from known phishing website way mislead classifiers. To launch white- gray-box scenarios, sample-based collision attack gain classifier. We demonstrate efficacy our state-of-the-art, Google's page filter, achieved 100% success rate less than one second per website. Moreover, transferability BitDefender's industrial TrafficLight, up 81.25% rate. further similarity-based method mitigate such Pelican, which compares similarity unknown with recently detected websites. Pelican effectively detect hence could integrated into highlight two strategies classification rule selection enhance robustness Our findings contribute design more robust practice.