Evasion Attacks and Defense Mechanisms for Machine Learning-Based Web Phishing Classifiers

Phishing is an electronic fraud through which an attacker can access user credentials. Phishing websites are the ones that mimic legitimate websites. Fraudsters can replace them within hours to evade their detection. The effects of phishing attacks exhibit the need for anti-phishing mechanisms. Several approaches were there to recognize the phishing websites, the white list approach, blacklist approach, machine learning, and heuristic-based approach. Earlier studies have shown that classifiers may be subject to evasion attacks although this point has only been explored on a small scale. As a result, the study covers evasion attacks and their detection within the context of website classifiers, which is rarely explored. In response to the inadequacies, the proposed technique includes extracting information from URLs and classifying webpages using various machine learning methods. The methodology involves crafting adversarial samples targeting classification features, with a focus on maintaining the functionality and appearance of phishing websites. The appearance is evaluated using image distortion metrics named mean squared error. Then a resemblance approach is utilized for the aim of detecting assaults that happened as a result of evasion attacks. This research introduces a novel defense mechanism against evasion attacks, marking a significant contribution to the field.