Do Attackers Use Algorithms to Evade ML? An In-the-Wild Phishing Case Study
Phishing remains a threat to enterprise security. Deep learning now empowers powerful anti-phishing detectors, yet attackers still evade them with clever techniques. In their talk from RSA 2023, AI security experts Hyrum Anderson (Roubst Intelligence) and Kevin Roundy (Norton Innovation Labs) reveal a study of in-the-wild evasive phish sites and trends from 5 years of machine learning phish evasion competitions plus 11 evasion tactics phishers use today, and measure the use of automated adversarial-attack creation by phishers.