Although machine learning based algorithms have been extensively used for detecting phishing websites, there has relatively little work on how adversaries may attack such "phishing detectors" (PDs short). In this paper, we propose a set of Gray-Box attacks PDs that an adversary use which vary depending the knowledge he about PD. We show these severely degrade effectiveness several existing PDs....

The advance of computer networking has made cooperation essential to both attackers and defenders. Increased decentralization of network ownership requires devices to interact with entities beyond their own realm of control. The distribution of intelligence forces decisions to be taken at the edge. The exposure of devices makes multiple, simultaneous attacker-chosen compromise a credible threat...

Phishing is a kind of attack in which criminals use spoofed emails and fraudulent web sites to trick people into giving up personal information. This thesis looks at the phishing problem holistically by examining various stakeholders and their countermeasures, and by surveying experts’ opinions about the current and future threats and the kinds of countermeasures that should be put in place. It...

We have conducted a user study to assess whether improved browser security indicators and increased awareness of phishing have led to users’ improved ability to protect themselves against such attacks. Participants were shown a series of websites and asked to identify the phishing websites. We use eye tracking to obtain objective quantitative data on which visual cues draw users’ attention as t...

Phishing attacks are a significant security threat to users of the Internet, causing tremendous economic loss every year. Past work in academia has not been adopted by industry in part due to concerns about liability over false positives. However, blacklist-based methods heavily used in industry are slow in responding to new phish attacks, and tend to be easily overwhelmed by phishing technique...

This research aims to design an educational mobile game for home computer users to prevent from phishing attacks. Phishing is an online identity theft which aims to steal sensitive information such as username, password and online banking details from victims. To prevent this, phishing education needs to be considered. Mobile games could facilitate to embed learning in a natural environment. Th...

Phishing is a kind of attack that belongs to social engineering and this attack seeks to trick people in order to let them reveal their confidential information. Several methods are introduced to detect phishing websites by using different types of features. Unfortunately, these techniques implemented for specific attack vector such as detecting phishing emails which make implementing wide scop...

The problem of Web phishing attacks has grown considerably in recent years and phishing is considered as one of the most dangerous Web crimes, which may cause tremendous and negative effects on online business. In a Web phishing attack, the phisher creates a forged or phishing website to deceive Web users in order to obtain their sensitive financial and personal information. Several conventiona...

— Pattern classification is a branch of machine learning that focuses on recognition of patterns and regularities in data. In adversarial applications like biometric authentication, spam filtering, network intrusion detection the pattern classification systems are used. Extending pattern classification theory and design methods to adversarial environment is thus a novel and very relevant resear...