An Evasion Attack against ML-based Phishing URL Detectors

Background: Over the year, Machine Learning Phishing URL classification (MLPU) systems have gained tremendous popularity to detect phishing URLs proactively. Despite this vogue, the security vulnerabilities of MLPUs remain mostly unknown. Aim: To address this concern, we conduct a study to understand the test time security vulnerabilities of the state-of-the-art MLPU systems, aiming at providing guidelines for the future development of these systems. Method: In this paper, we propose an evasion attack framework against MLPU systems. To achieve this, we first develop an algorithm to generate adversarial phishing URLs. We then reproduce 41 MLPU systems and record their baseline performance. Finally, we simulate an evasion attack to evaluate these MLPU systems against our generated adversarial URLs. Results: In comparison to previous works, our attack is: (i) effective as it evades all the models with an average success rate of 66% and 85% for famous (such as Netflix, Google) and less popular phishing targets (e.g., Wish, JBHIFI, Officeworks) respectively; (ii) realistic as it requires only 23ms to produce a new adversarial URL variant that is available for registration with a median cost of only $11.99/year. We also found that popular online services such as Google SafeBrowsing and VirusTotal are unable to detect these URLs. (iii) We find that Adversarial training (successful defence against evasion attack) does not significantly improve the robustness of these systems as it decreases the success rate of our attack by only 6% on average for all the models. (iv) Further, we identify the security vulnerabilities of the considered MLPU systems. Our findings lead to promising directions for future research. Conclusion: Our study not only illustrate vulnerabilities in MLPU systems but also highlights implications for future study towards assessing and improving these systems.Comment: Draft for ACM TOP

Impact of Fashion Consciousness on Hijabistas’ Buying Behavior

The basic purpose of this research is to establish a methodology for studying and understanding contributing factors towards fashion consciousness and its impact on hijab buying behavior of hijabistas present in Universities of Lahore. This population was represented by 100 respondents taken from top five universities of Lahore. These respondents were asked to fill a questionnaire and return. The data collected was statistically analyzed by using Pearson’s correlation technique and linear regression analysis which supported the hypotheses and generated evidence in favor of the hypotheses. It is clearly evident from the results that way of dressing, sources of fashion information, fashion motivation and uniqueness of fashion are the determinants of fashion consciousness of hijabistas. Fashion consciousness positively impacts hijabistas hijab buying behavior as evident by the significance of the impact. Keywords: Fashion Consciousness, Hijab Fashion Consumption, Fashion Uniqueness, Dressing Style, Motivation

An Empirical Evaluation of an Activity-Based Infrastructure for Supporting Cooperation in Software Engineering

[Background] Software Engineering (SE) is predominantly a team effort that needs close cooperation among several people who may be geographically distributed. It has been recognized that appropriate tool support is a prerequisite to improve cooperation within SE teams. In an effort to contribute to this line of research, we have designed and developed an infrastructure, called ABC4GSD, based on the models of Activity Theory (AT) and the principles of the Activity-Based Computing (ABC) paradigm. [Aim] In this paper, we present a study that empirically evaluates the ability of ABC4GSD in supporting teams cooperation. [Method] We designed and executed a study based on a scenario that simulated the Follow-The-Sun (FTS) strategy of Global SE (GSE). Our research design allowed us to ensure cooperation to be both computer-mediated as well as contained within observable short time-windows-the hand-off activities of the FTS strategy. [Results] Overall, the results show that the cooperation support provided by the ABC4GSD system has been positively perceived by the participants. Nonetheless, open issues stimulating further investigations have been raised especially due to a few mixed results. [Conclusions] Aware of the limitations of the simulated scenario, we conclude that the approach followed by the ABC4GSD system based on activities is desirable to improve the cooperation support in SE. Finally, our research approach based on simulating a scenario with geographical and temporal distribution can providePaolo Tell, Muhammad Ali Baba