It Doesn't Look Like Anything to Me: Using Diffusion Model to Subvert Visual Phishing Detectors

Authors: 

Qingying Hao and Nirav Diwan, University of Illinois at Urbana-Champaign; Ying Yuan, University of Padua; Giovanni Apruzzese, University of Liechtenstein; Mauro Conti, University of Padua; Gang Wang, University of Illinois at Urbana-Champaign

Abstract: 

Visual phishing detectors rely on website logos as the invariant identity indicator to detect phishing websites that mimic a target brand's website. Despite their promising performance, the robustness of these detectors is not yet well understood. In this paper, we challenge the invariant assumption of these detectors and propose new attack tactics, LogoMorph, with the ultimate purpose of enhancing these systems. LogoMorph is rooted in a key insight: users can neglect large visual perturbations on the logo as long as the perturbation preserves the original logo's semantics. We devise a range of attack methods to create semantic-preserving adversarial logos, yielding phishing webpages that bypass state-of-the-art detectors. For text-based logos, we find that using alternative fonts can help to achieve the attack goal. For image-based logos, we find that an adversarial diffusion model can effectively capture the style of the logo while generating new variants with large visual differences. Practically, we evaluate LogoMorph with white-box and black-box experiments and test the resulting adversarial webpages against various visual phishing detectors end-to-end. User studies (n = 150) confirm the effectiveness of our adversarial phishing webpages on end users (with a detection rate of 0.59, barely better than a coin toss). We also propose and evaluate countermeasures, and share our code.

BibTeX
@inproceedings {299595,
author = {Qingying Hao and Nirav Diwan and Ying Yuan and Giovanni Apruzzese and Mauro Conti and Gang Wang},
title = {It Doesn{\textquoteright}t Look Like Anything to Me: Using Diffusion Model to Subvert Visual Phishing Detectors},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {3027--3044},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/hao-qingying},
publisher = {USENIX Association},
month = aug
}