Machine Learning-Enabled Attacks on Anti-Phishing Blacklists

Bibliographic Details
Main Authors: Wenhao Li, Shams Ul Arfeen Laghari, Selvakumar Manickam, Yung-Wey Chong, Binyong Li
Format: Article
Language: English
Published: IEEE 2024-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/10798104/
Description
Summary: The exponential rise of phishing attacks has become a critical threat to online security, exploiting both system vulnerabilities and human psychology. Although anti-phishing blacklists serve as a primary defense mechanism, they are limited by incomplete coverage and delayed updates, making them susceptible to evasion by sophisticated attackers. This study presents a comprehensive security analysis of anti-phishing blacklists and introduces two novel cloaking attacks—Feature-Driven Cloaking and Transport Layer Security (TLS)-Based Cloaking—that exploit vulnerabilities in the automated detection systems of anti-phishing entities (APEs). Using real-world data and employing machine learning techniques, the Random Forest (RF) classifier emerged as the most effective among all tested supervised classifiers, achieving 100% accuracy in distinguishing APEs from regular users and enabling attackers to bypass blacklist detection. Key findings highlight critical security flaws in major APEs, including limited infrastructure diversity, feature implementation inconsistencies, and vulnerabilities to Web Real-Time Communication (WebRTC) Internet Protocol (IP) leaks. These weaknesses extend the operational lifespan of phishing websites, heightening risks to users. The results emphasize the need for APEs to implement more robust and adaptive defenses and propose mitigation strategies to enhance the resilience of the anti-phishing ecosystem.
ISSN: 2169-3536