Decoding Phishing Evasion: Analyzing Attacker Strategies to Circumvent Detection Systems

IF 3.4 | Zone 3, Computer Science | JCR Q2, COMPUTER SCIENCE, INFORMATION SYSTEMS
A. Ghafoor;M. A. Shah;M. A. Al-Naeem;C. Maple
IEEE Access, vol. 13, pp. 78513-78526. Published 2025-04-29. Journal Article.
DOI: 10.1109/ACCESS.2025.3565619
https://ieeexplore.ieee.org/document/10979968/
Citations: 0

Abstract

Phishing remains a critical security threat, involving the creation of fraudulent websites to capture sensitive information. Despite existing detection systems, sophisticated attackers have developed advanced evasion techniques that undermine these defenses. This paper highlights the significant challenge of these novel methods, focusing on how attackers manage to prolong the operational lifespan of phishing sites. Our research investigates how attackers circumvent traditional security layers by employing a combination of target filtering mechanisms, bot detection evasion, blacklisting avoidance, and honeypots. Our experimental findings indicate that these evasion strategies can achieve an effectiveness rate of 80% to 85% in extending the viability of phishing sites. We have empirically demonstrated the exposure of current systems to these attacks, revealing specific vulnerabilities and exploitation points. These results underscore the urgent need for enhanced detection frameworks that address the layered and adaptive nature of modern phishing tactics. Our work highlights a critical gap in current security measures and poses a challenge to solution providers: there is a pressing need for novel mitigations to safeguard users against these sophisticated phishing threats.
Source journal
IEEE Access
Categories: COMPUTER SCIENCE, INFORMATION SYSTEMS; ENGINEERING, ELECTRICAL & ELECTRONIC
CiteScore: 9.80
Self-citation rate: 7.70%
Articles published: 6673
Review time: 6 weeks
About the journal: IEEE Access® is a multidisciplinary, open access (OA), applications-oriented, all-electronic archival journal that continuously presents the results of original research or development across all of IEEE's fields of interest. IEEE Access will publish articles that are of high interest to readers, original, technically correct, and clearly presented. Supported by author publication charges (APC), its hallmarks are a rapid peer review and publication process with open access to all readers. Unlike IEEE's traditional Transactions or Journals, reviews are "binary", in that reviewers will either Accept or Reject an article in the form it is submitted in order to achieve rapid turnaround. Especially encouraged are submissions on: Multidisciplinary topics, or applications-oriented articles and negative results that do not fit within the scope of IEEE's traditional journals. Practical articles discussing new experiments or measurement techniques, interesting solutions to engineering. Development of new or improved fabrication or manufacturing techniques. Reviews or survey articles of new or evolving fields oriented to assist others in understanding the new area.