Machine Learning-Enabled Attacks on Anti-Phishing Blacklists
The exponential rise of phishing attacks has become a critical threat to online security, exploiting both system vulnerabilities and human psychology. Although anti-phishing blacklists serve as a primary defense mechanism, they are limited by incomplete coverage and delayed updates, making them susc...
| Main Authors: | Wenhao Li, Shams Ul Arfeen Laghari, Selvakumar Manickam, Yung-Wey Chong, Binyong Li |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2024-01-01 |
| Series: | IEEE Access |
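| Subjects: | Anti-phishing blacklist; cloaking technique; evasion technique; machine learning; phishing website; phishing |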
| Online Access: | https://ieeexplore.ieee.org/document/10798104/ |
| _version_ | 1850100880590766080 |
|---|---|
| author | Wenhao Li; Shams Ul Arfeen Laghari; Selvakumar Manickam; Yung-Wey Chong; Binyong Li |
| author_sort | Wenhao Li |
| collection | DOAJ |
| description | The exponential rise of phishing attacks has become a critical threat to online security, exploiting both system vulnerabilities and human psychology. Although anti-phishing blacklists serve as a primary defense mechanism, they are limited by incomplete coverage and delayed updates, making them susceptible to evasion by sophisticated attackers. This study presents a comprehensive security analysis of anti-phishing blacklists and introduces two novel cloaking attacks—Feature-Driven Cloaking and Transport Layer Security (TLS)-Based Cloaking—that exploit vulnerabilities in the automated detection systems of anti-phishing entities (APEs). Using real-world data and employing machine learning techniques, the Random Forest (RF) classifier emerged as the most effective among all tested supervised classifiers, achieving 100% accuracy in distinguishing APEs from regular users and enabling attackers to bypass blacklist detection. Key findings highlight critical security flaws in major APEs, including limited infrastructure diversity, feature implementation inconsistencies, and vulnerabilities to Web Real-Time Communication (WebRTC) Internet Protocol (IP) leaks. These weaknesses extend the operational lifespan of phishing websites, heightening risks to users. The results emphasize the need for APEs to implement more robust and adaptive defenses and propose mitigation strategies to enhance the resilience of the anti-phishing ecosystem. |
| format | Article |
| id | doaj-art-1cf839817caf4b1b94f9941a2de3465f |
| institution | DOAJ |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-1cf839817caf4b1b94f9941a2de3465f; 2025-08-20T02:40:11Z; eng; IEEE; IEEE Access; 2169-3536; 2024-01-01; 12; 191586; 191602; 10.1109/ACCESS.2024.3516754; 10798104; Machine Learning-Enabled Attacks on Anti-Phishing Blacklists; Wenhao Li (0) https://orcid.org/0009-0007-4342-6676; Shams Ul Arfeen Laghari (1) https://orcid.org/0000-0002-6036-395X; Selvakumar Manickam (2) https://orcid.org/0000-0003-4378-1954; Yung-Wey Chong (3) https://orcid.org/0000-0003-1750-7441; Binyong Li (4) https://orcid.org/0000-0003-3615-1129; Cybersecurity Research Centre, Universiti Sains Malaysia, Gelugor, Penang, Malaysia; School of ICT, Faculty of Engineering Design Information and Communications Technology (EDICT), Bahrain, Polytechnic Isa Town, Bahrain; Cybersecurity Research Centre, Universiti Sains Malaysia, Gelugor, Penang, Malaysia; School of Computer Sciences, Universiti Sains Malaysia, Gelugor, Penang, Malaysia; School of Cybersecurity, Chengdu University of Information Technology, Chengdu, China; The exponential rise of phishing attacks has become a critical threat to online security, exploiting both system vulnerabilities and human psychology. Although anti-phishing blacklists serve as a primary defense mechanism, they are limited by incomplete coverage and delayed updates, making them susceptible to evasion by sophisticated attackers. This study presents a comprehensive security analysis of anti-phishing blacklists and introduces two novel cloaking attacks—Feature-Driven Cloaking and Transport Layer Security (TLS)-Based Cloaking—that exploit vulnerabilities in the automated detection systems of anti-phishing entities (APEs). Using real-world data and employing machine learning techniques, the Random Forest (RF) classifier emerged as the most effective among all tested supervised classifiers, achieving 100% accuracy in distinguishing APEs from regular users and enabling attackers to bypass blacklist detection. Key findings highlight critical security flaws in major APEs, including limited infrastructure diversity, feature implementation inconsistencies, and vulnerabilities to Web Real-Time Communication (WebRTC) Internet Protocol (IP) leaks. These weaknesses extend the operational lifespan of phishing websites, heightening risks to users. The results emphasize the need for APEs to implement more robust and adaptive defenses and propose mitigation strategies to enhance the resilience of the anti-phishing ecosystem.; https://ieeexplore.ieee.org/document/10798104/; Anti-phishing blacklist; cloaking technique; evasion technique; machine learning; phishing website; phishing |
| title | Machine Learning-Enabled Attacks on Anti-Phishing Blacklists |
| topic | Anti-phishing blacklist; cloaking technique; evasion technique; machine learning; phishing website; phishing |
| url | https://ieeexplore.ieee.org/document/10798104/ |