{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:02:03Z","timestamp":1777806123034,"version":"3.51.4"},"reference-count":27,"publisher":"SAGE Publications","issue":"1","license":[{"start":{"date-parts":[[2021,2,1]],"date-time":"2021-02-01T00:00:00Z","timestamp":1612137600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2021,2,3]]},"abstract":"<jats:p>Phishing websites trick honest users into believing that they interact with a legitimate website and capture sensitive information, such as user names, passwords, credit card numbers, and other personal information. Machine learning is a promising technique to distinguish between phishing and legitimate websites. However, machine learning approaches are susceptible to adversarial learning attacks where a phishing sample can bypass classifiers. Our experiments on publicly available datasets reveal that the phishing detection mechanisms are vulnerable to adversarial learning attacks. We investigate the robustness of machine learning-based phishing detection in the face of adversarial learning attacks.<\/jats:p>\n                  <jats:p>We propose a practical approach to simulate such attacks by generating adversarial samples through direct feature manipulation. To enhance the sample\u2019s success probability, we describe a clustering approach that guides an attacker to select the best possible phishing samples that can bypass the classifier by appearing as legitimate samples. We define the notion of vulnerability level for each dataset that measures the number of features that can be manipulated and the cost for such manipulation. Further, we clustered phishing samples and showed that some clusters of samples are more likely to exhibit higher vulnerability levels than others. This helps an adversary identify the best candidates of phishing samples to generate adversarial samples at a lower cost. Our finding can be used to refine the dataset and develop better learning models to compensate for the weak samples in the training dataset.<\/jats:p>","DOI":"10.3233\/jcs-191411","type":"journal-article","created":{"date-parts":[[2021,2,2]],"date-time":"2021-02-02T19:18:22Z","timestamp":1612293502000},"page":"1-23","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":6,"title":["Directed adversarial sampling attacks on phishing detection"],"prefix":"10.1177","volume":"29","author":[{"given":"Hossein","family":"Shirazi","sequence":"first","affiliation":[{"name":"Colorado State University, Fort Collins CO 80523, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bruhadeshwar","family":"Bezawada","sequence":"additional","affiliation":[{"name":"Indian Institute of Technology Jammu, Jammu & Kashmir, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Indrakshi","family":"Ray","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins CO 80523, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chuck","family":"Anderson","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins CO 80523, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2021,2,1]]},"reference":[{"key":"ref001","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2014.03.019"},{"key":"ref002","doi-asserted-by":"crossref","unstructured":"APWG, Phishing attack trends report\u00a0\u2013 3q 2018, 2018, Online; accessed 24-Jan-2019.","DOI":"10.1016\/S1361-3723(19)30025-9"},{"key":"ref003","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2013.57"},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"B.\u00a0Biggio and F.\u00a0Roli, Wild patterns: Ten years after the rise of adversarial machine learning, 2017, arXiv preprint arXiv:1712.03141.","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"ref005","doi-asserted-by":"crossref","unstructured":"V.\u00a0Bulakh and M.\u00a0Gupta, Countering phishing from brands\u2019 vantage point, in: International Workshop on Security and Privacy Analytics, 2016, pp.\u00a017\u201324.","DOI":"10.1145\/2875475.2875478"},{"key":"ref006","doi-asserted-by":"crossref","unstructured":"N.\u00a0Dalvi, P.\u00a0Domingos, S.\u00a0Sanghai, D.\u00a0Verma et al., Adversarial classification, in: International Conference on Knowledge Discovery and Data Mining, 2004, pp.\u00a099\u2013108.","DOI":"10.1145\/1014052.1014066"},{"key":"ref007","unstructured":"A.\u00a0Demontis, M.\u00a0Melis, B.\u00a0Biggio, D.\u00a0Maiorca, D.\u00a0Arp, K.\u00a0Rieck, I.\u00a0Corona, G.\u00a0Giacinto and F.\u00a0Roli, Yes, machine learning can be more secure! a case study on android malware detection,\n                      IEEE Transactions on Dependable and Secure Computing\n                      (2017)."},{"key":"ref008","unstructured":"D.\u00a0Dua and E.\u00a0Karra Taniskidou, UCI machine learning repository, 2017."},{"key":"ref009","first-page":"6","volume":"1","author":"Felix J.","year":"1987","journal-title":"Interex Proceedings"},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"L.\u00a0Huang, A.D.\u00a0Joseph, B.\u00a0Nelson, B.I.P.\u00a0Rubinstein and J.D.\u00a0Tygar, Adversarial machine learning, in: ACM Workshop on Security and Artificial Intelligence, 2011, pp.\u00a043\u201358.","DOI":"10.1145\/2046684.2046692"},{"key":"ref011","doi-asserted-by":"crossref","unstructured":"J.\u00a0Jiang, J.\u00a0Chen, K.K.R.\u00a0Choo, C.\u00a0Liu, K.\u00a0Liu, M.\u00a0Yu and Y.\u00a0Wang, A deep learning based online malicious url and dns detection scheme, in: Security and Privacy in Communication Systems, 2017, pp.\u00a0438\u2013448.","DOI":"10.1007\/978-3-319-78813-5_22"},{"key":"ref012","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.11.004"},{"key":"ref013","unstructured":"J.\u00a0MacQueen et al., Some methods for classification and analysis of multivariate observations, in: Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, Vol.\u00a01, Oakland, CA, USA, 1967, pp.\u00a0281\u2013297."},{"key":"ref014","doi-asserted-by":"crossref","unstructured":"A.\u00a0Niakanlahiji, B.T.\u00a0Chu and E.\u00a0Al-Shaer, Phishmon: A machine learning framework for detecting phishing webpages, in: Intelligence and Security Informatics, 2018, pp.\u00a0220\u2013225.","DOI":"10.1109\/ISI.2018.8587410"},{"key":"ref015","unstructured":"N.\u00a0Papernot, I.\u00a0Goodfellow, R.\u00a0Sheatsley, R.\u00a0Feinman and P.\u00a0McDaniel, cleverhans v1. 0.0: An adversarial machine learning library, 10, 2016, arXiv preprint arXiv:1610.00768."},{"key":"ref016","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_14"},{"key":"ref017","unstructured":"M.\u00a0Rami, Mohammad, F.\u00a0Thabtah and L.\u00a0McCluskey, An assessment of features related to phishing websites using an automated technique, in: Internet Technology and Secured Transactions, 2012, pp.\u00a0492\u2013497."},{"key":"ref018","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.09.029"},{"key":"ref019","doi-asserted-by":"crossref","unstructured":"H.\u00a0Shirazi, B.\u00a0Bezawada and I.\u00a0Ray, \u201ckn0w thy doma1n name\u201d: Unbiased phishing detection using domain name based features, in: ACM Symposium on Access Control Models and Technologies, 2018, pp.\u00a069\u201375.","DOI":"10.1145\/3205977.3205992"},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"H.\u00a0Shirazi, S.\u00a0Muramudalige, I.\u00a0Ray and A.\u00a0Jayasumana, Improved phishing detection algorithms using adversarial autoencoder synthesized data, in: IEEE Conference on Local Computer Networks, 2020.","DOI":"10.1109\/LCN48667.2020.9314775"},{"key":"ref021","unstructured":"C.L.\u00a0Tan, Phishing dataset for machine learning: Feature evaluation, 2018."},{"key":"ref022","unstructured":"ISTR Internet Security Threat Report Volume 23. Technical report."},{"key":"ref023","doi-asserted-by":"crossref","unstructured":"K.\u00a0Tian, S.T.K.\u00a0Jan, H.\u00a0Hu, D.\u00a0Yao and G.\u00a0Wang, Needle in a haystack: Tracking down elite phishing domains in the wild, in: Internet Measurement Conference, 2018, pp.\u00a0429\u2013442.","DOI":"10.1145\/3278532.3278569"},{"key":"ref024","doi-asserted-by":"crossref","unstructured":"R.\u00a0Verma and K.\u00a0Dyer, On the character of phishing urls: Accurate and robust statistical learning classifiers, in: Working Conference on Data and Application Security and Privacy, 2015, pp.\u00a0111\u2013122.","DOI":"10.1145\/2699026.2699115"},{"key":"ref025","unstructured":"Y.\u00a0Wang, S.\u00a0Jha and K.\u00a0Chaudhuri, Analyzing the robustness of nearest neighbors to adversarial examples, in: International Conference on Machine Learning, 2018, pp.\u00a05120\u20135129."},{"key":"ref026","unstructured":"H.\u00a0Xiao, B.\u00a0Biggio, G.\u00a0Brown, G.\u00a0Fumera, C.\u00a0Eckert and F.\u00a0Roli, Is feature selection secure against training data poisoning? in: International Conference on Machine Learning, 2015, pp.\u00a01689\u20131698."},{"key":"ref027","doi-asserted-by":"publisher","DOI":"10.1002\/sec.331"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191411","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-191411","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191411","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:25Z","timestamp":1777495525000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-191411"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,2,1]]},"references-count":27,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,2,3]]}},"alternative-id":["10.3233\/JCS-191411"],"URL":"https:\/\/doi.org\/10.3233\/jcs-191411","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,2,1]]}}}