An Innovative Information Theory-based Approach to Tackle and Enhance The Transparency in Phishing Detection (2402.17092v2)
Abstract: Phishing attacks have become a serious and challenging problem for detection, explanation, and defense. Despite more than a decade of research on phishing, encompassing both technical and non-technical remedies, phishing continues to be a serious problem. Today, AI-based phishing detection stands out as one of the most effective defenses against phishing attacks because it provides vulnerability (i.e., phishing or benign) predictions for the data. However, it lacks explainability: it does not give comprehensive interpretations of its predictions, such as identifying the specific information that causes the data to be classified as phishing. To this end, we propose an innovative deep learning-based approach for phishing attack localization in email, the most common phishing vector. Our method not only predicts the vulnerability of the email data but also automatically learns and identifies the most important phishing-relevant information (i.e., sentences) in the phishing email data, where the selected information serves as a useful and concise explanation of the vulnerability. Rigorous experiments on seven diverse real-world email datasets show the effectiveness and advancement of our proposed method in selecting crucial information and offering concise explanations (by successfully identifying the most important phishing-relevant information) for the vulnerability of the phishing email data. In particular, our method achieves significantly higher performance, ranging from approximately 1.5% to 3.5%, than state-of-the-art baselines, as measured by the combined average performance of the two main metrics, Label-Accuracy and Cognitive-True-Positive.
- Van Nguyen
- Tingmin Wu
- Xingliang Yuan
- Marthie Grobler
- Surya Nepal
- Carsten Rudolph