Phishing remains one of the most prevalent cybersecurity threats, endangering users’ personal data, financial assets and online privacy. Although Machine Learning Phishing Website Detectors (ML-PWDs) are an effective tool for identifying malicious webpages, recent studies have revealed that these models are vulnerable to adversarial attacks. In this study, we present a new adversarial attack strategy capable of operating in the problem space, which uses heuristic search algorithms, including Beam Search, Simulated Annealing and Monte Carlo Tree Search, to generate adversarial samples that evade state-of-the-art detectors while maintaining visual and functional fidelity. Our approach optimizes the trade-off between the number of manipulations and attack success, minimizing the distance from the original sample. Experiments on two public datasets demonstrate that our method reduces the average detection rate from 0.80 to 0.05 on Zenodo and from 0.82 to 0.03 on δ Phish, while requiring up to 70% fewer manipulations than competing attacks. Furthermore, the generated samples remain closer to the originals in the L 0 and L 2 metrics, indicating strong statistical plausibility. These results highlight the effectiveness of our approach in evading ML-PWDs and its potential for evaluating and strengthening the adversarial robustness of real-world detection systems.
Lo Re, G., Morana, M., Rizzo, G. (2026). Adversarial attacks on phishing webpage detectors via heuristic search techniques. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 100 [10.1016/j.jisa.2026.104486].
Adversarial attacks on phishing webpage detectors via heuristic search techniques
Lo Re, Giuseppe;Morana, Marco
;Rizzo, Giuseppe
2026-07-01
Abstract
Phishing remains one of the most prevalent cybersecurity threats, endangering users’ personal data, financial assets and online privacy. Although Machine Learning Phishing Website Detectors (ML-PWDs) are an effective tool for identifying malicious webpages, recent studies have revealed that these models are vulnerable to adversarial attacks. In this study, we present a new adversarial attack strategy capable of operating in the problem space, which uses heuristic search algorithms, including Beam Search, Simulated Annealing and Monte Carlo Tree Search, to generate adversarial samples that evade state-of-the-art detectors while maintaining visual and functional fidelity. Our approach optimizes the trade-off between the number of manipulations and attack success, minimizing the distance from the original sample. Experiments on two public datasets demonstrate that our method reduces the average detection rate from 0.80 to 0.05 on Zenodo and from 0.82 to 0.03 on δ Phish, while requiring up to 70% fewer manipulations than competing attacks. Furthermore, the generated samples remain closer to the originals in the L 0 and L 2 metrics, indicating strong statistical plausibility. These results highlight the effectiveness of our approach in evading ML-PWDs and its potential for evaluating and strengthening the adversarial robustness of real-world detection systems.
| File | Dimensione | Formato | |
|---|---|---|---|
|
1-s2.0-S221421262600116XA-main.pdf
accesso aperto
Descrizione: This is an open access article under the terms of the Creative Commons Attribution License
Tipologia:
Versione Editoriale
Dimensione
9.02 MB
Formato
Adobe PDF
|
9.02 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
