"Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages

Ying Yuan; Qingying Hao; Giovanni Apruzzese; Mauro Conti; Gang Wang

doi:10.1145/3589334.3645502

"Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages

Ying Yuan, Qingying Hao, Giovanni Apruzzese, Mauro Conti, Gang Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Machine learning based phishing website detectors (ML-PWD) are a critical part of today's anti-phishing solutions in operation. Unfortunately, ML-PWD are prone to adversarial evasions, evidenced by both academic studies and analyses of real-world adversarial phishing webpages. However, existing works mostly focused on assessing adversarial phishing webpages against ML-PWD, while neglecting a crucial aspect: investigating whether they can deceive the actual target of phishing - -the end users. In this paper, we fill this gap by conducting two user studies (n=470) to examine how human users perceive adversarial phishing webpages, spanning both synthetically crafted ones (which we create by evading a state-of-the-art ML-PWD) as well as real adversarial webpages (taken from the wild Web) that bypassed a production-grade ML-PWD. Our findings confirm that adversarial phishing is a threat to both users and ML-PWD, since most adversarial phishing webpages have comparable effectiveness on users w.r.t. unperturbed ones. However, not all adversarial perturbations are equally effective. For example, those with added typos are significantly more noticeable to users, who tend to overlook perturbations of higher visual magnitude (such as replacing the background). We also show that users' self-reported frequency of visiting a brand's website has a statistically negative correlation with their phishing detection accuracy, which is likely caused by overconfidence. We release our resources.

Original language	English (US)
Title of host publication	WWW 2024 - Proceedings of the ACM Web Conference
Publisher	Association for Computing Machinery
Pages	1712-1723
Number of pages	12
ISBN (Electronic)	9798400701719
DOIs	https://doi.org/10.1145/3589334.3645502
State	Published - May 13 2024
Event	33rd ACM Web Conference, WWW 2024 - Singapore, Singapore Duration: May 13 2024 → May 17 2024

Publication series

Name	WWW 2024 - Proceedings of the ACM Web Conference

Conference

Conference	33rd ACM Web Conference, WWW 2024
Country/Territory	Singapore
City	Singapore
Period	5/13/24 → 5/17/24

Keywords

ML
adversarial
machine learning
phishing website detection

ASJC Scopus subject areas

Computer Networks and Communications
Software

Online availability

10.1145/3589334.3645502

Library availability

Discover UIUC Full Text

Cite this

Yuan, Y., Hao, Q., Apruzzese, G., Conti, M., & Wang, G. (2024). "Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages. In WWW 2024 - Proceedings of the ACM Web Conference (pp. 1712-1723). (WWW 2024 - Proceedings of the ACM Web Conference). Association for Computing Machinery. https://doi.org/10.1145/3589334.3645502

"Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages. / Yuan, Ying; Hao, Qingying; Apruzzese, Giovanni et al.
WWW 2024 - Proceedings of the ACM Web Conference. Association for Computing Machinery, 2024. p. 1712-1723 (WWW 2024 - Proceedings of the ACM Web Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yuan, Y, Hao, Q, Apruzzese, G, Conti, M & Wang, G 2024, "Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages. in WWW 2024 - Proceedings of the ACM Web Conference. WWW 2024 - Proceedings of the ACM Web Conference, Association for Computing Machinery, pp. 1712-1723, 33rd ACM Web Conference, WWW 2024, Singapore, Singapore, 5/13/24. https://doi.org/10.1145/3589334.3645502

Yuan Y, Hao Q, Apruzzese G, Conti M, Wang G. "Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages. In WWW 2024 - Proceedings of the ACM Web Conference. Association for Computing Machinery. 2024. p. 1712-1723. (WWW 2024 - Proceedings of the ACM Web Conference). Epub 2024 May 13. doi: 10.1145/3589334.3645502

@inproceedings{83cefa3553d14373ab71348d6e8a12b2,

title = "{"}Are Adversarial Phishing Webpages a Threat in Reality?{"} Understanding the Users' Perception of Adversarial Webpages",

abstract = "Machine learning based phishing website detectors (ML-PWD) are a critical part of today's anti-phishing solutions in operation. Unfortunately, ML-PWD are prone to adversarial evasions, evidenced by both academic studies and analyses of real-world adversarial phishing webpages. However, existing works mostly focused on assessing adversarial phishing webpages against ML-PWD, while neglecting a crucial aspect: investigating whether they can deceive the actual target of phishing - -the end users. In this paper, we fill this gap by conducting two user studies (n=470) to examine how human users perceive adversarial phishing webpages, spanning both synthetically crafted ones (which we create by evading a state-of-the-art ML-PWD) as well as real adversarial webpages (taken from the wild Web) that bypassed a production-grade ML-PWD. Our findings confirm that adversarial phishing is a threat to both users and ML-PWD, since most adversarial phishing webpages have comparable effectiveness on users w.r.t. unperturbed ones. However, not all adversarial perturbations are equally effective. For example, those with added typos are significantly more noticeable to users, who tend to overlook perturbations of higher visual magnitude (such as replacing the background). We also show that users' self-reported frequency of visiting a brand's website has a statistically negative correlation with their phishing detection accuracy, which is likely caused by overconfidence. We release our resources.",

keywords = "ML, adversarial, machine learning, phishing website detection",

author = "Ying Yuan and Qingying Hao and Giovanni Apruzzese and Mauro Conti and Gang Wang",

note = "This work was supported by the European Commission under the Horizon Europe Programme, as part of the project LAZARUS (Grant Agreement no. 101070303). The content of this article does not reflect the official opinion of the European Union. Responsibility for the information and views expressed therein lies entirely with the authors. This work was partially supported by project SERICS (PE00000014) under the NRRP MUR program funded by the EU - NGEU. This work was supported in part by NSF grants 2030521, 2055233, and 2229876, and an Amazon Research Award. This work was also partially supported by Hilti. Mauro Conti is affiliated also with TU Delft.; 33rd ACM Web Conference, WWW 2024 ; Conference date: 13-05-2024 Through 17-05-2024",

year = "2024",

month = may,

day = "13",

doi = "10.1145/3589334.3645502",

language = "English (US)",

series = "WWW 2024 - Proceedings of the ACM Web Conference",

publisher = "Association for Computing Machinery",

pages = "1712--1723",

booktitle = "WWW 2024 - Proceedings of the ACM Web Conference",

address = "United States",

}

TY - GEN

T1 - "Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages

AU - Yuan, Ying

AU - Hao, Qingying

AU - Apruzzese, Giovanni

AU - Conti, Mauro

AU - Wang, Gang

N1 - This work was supported by the European Commission under the Horizon Europe Programme, as part of the project LAZARUS (Grant Agreement no. 101070303). The content of this article does not reflect the official opinion of the European Union. Responsibility for the information and views expressed therein lies entirely with the authors. This work was partially supported by project SERICS (PE00000014) under the NRRP MUR program funded by the EU - NGEU. This work was supported in part by NSF grants 2030521, 2055233, and 2229876, and an Amazon Research Award. This work was also partially supported by Hilti. Mauro Conti is affiliated also with TU Delft.

PY - 2024/5/13

Y1 - 2024/5/13

N2 - Machine learning based phishing website detectors (ML-PWD) are a critical part of today's anti-phishing solutions in operation. Unfortunately, ML-PWD are prone to adversarial evasions, evidenced by both academic studies and analyses of real-world adversarial phishing webpages. However, existing works mostly focused on assessing adversarial phishing webpages against ML-PWD, while neglecting a crucial aspect: investigating whether they can deceive the actual target of phishing - -the end users. In this paper, we fill this gap by conducting two user studies (n=470) to examine how human users perceive adversarial phishing webpages, spanning both synthetically crafted ones (which we create by evading a state-of-the-art ML-PWD) as well as real adversarial webpages (taken from the wild Web) that bypassed a production-grade ML-PWD. Our findings confirm that adversarial phishing is a threat to both users and ML-PWD, since most adversarial phishing webpages have comparable effectiveness on users w.r.t. unperturbed ones. However, not all adversarial perturbations are equally effective. For example, those with added typos are significantly more noticeable to users, who tend to overlook perturbations of higher visual magnitude (such as replacing the background). We also show that users' self-reported frequency of visiting a brand's website has a statistically negative correlation with their phishing detection accuracy, which is likely caused by overconfidence. We release our resources.

AB - Machine learning based phishing website detectors (ML-PWD) are a critical part of today's anti-phishing solutions in operation. Unfortunately, ML-PWD are prone to adversarial evasions, evidenced by both academic studies and analyses of real-world adversarial phishing webpages. However, existing works mostly focused on assessing adversarial phishing webpages against ML-PWD, while neglecting a crucial aspect: investigating whether they can deceive the actual target of phishing - -the end users. In this paper, we fill this gap by conducting two user studies (n=470) to examine how human users perceive adversarial phishing webpages, spanning both synthetically crafted ones (which we create by evading a state-of-the-art ML-PWD) as well as real adversarial webpages (taken from the wild Web) that bypassed a production-grade ML-PWD. Our findings confirm that adversarial phishing is a threat to both users and ML-PWD, since most adversarial phishing webpages have comparable effectiveness on users w.r.t. unperturbed ones. However, not all adversarial perturbations are equally effective. For example, those with added typos are significantly more noticeable to users, who tend to overlook perturbations of higher visual magnitude (such as replacing the background). We also show that users' self-reported frequency of visiting a brand's website has a statistically negative correlation with their phishing detection accuracy, which is likely caused by overconfidence. We release our resources.

KW - ML

KW - adversarial

KW - machine learning

KW - phishing website detection

UR - http://www.scopus.com/inward/record.url?scp=85194080050&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85194080050&partnerID=8YFLogxK

U2 - 10.1145/3589334.3645502

DO - 10.1145/3589334.3645502

M3 - Conference contribution

AN - SCOPUS:85194080050

T3 - WWW 2024 - Proceedings of the ACM Web Conference

SP - 1712

EP - 1723

BT - WWW 2024 - Proceedings of the ACM Web Conference

PB - Association for Computing Machinery

T2 - 33rd ACM Web Conference, WWW 2024

Y2 - 13 May 2024 through 17 May 2024

ER -

"Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this