Benchmarking the Robustness of Phishing Email Detection Systems

Benjamin M. Ampel, Yang Gao, James Hu, Sagar Samtani, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Social engineering attacks are currently the most cited cybersecurity threat to organizations. Phishing emails are the most salient form of social engineering attacks. Organizations are increasingly implementing AI-enabled systems to detect phishing emails. However, AI-enabled systems are often susceptible to textual perturbations, where an adversary makes a small change to cause a misclassification. In this study, we sought to identify the performance of prevailing phishing email detection systems (PEDS) against character, word, sentence, and multi-level adversarial text perturbations. Through a principled benchmarking framework, we quantitatively demonstrated the lack of robustness prevailing PEDS have to specific types of text-based adversarial perturbations (e.g., character, word, sentence, multi-level). The results of this study provide new insights into the robustness of AI-based PEDS and highlight the need for organizations to adopt a multi-layered approach to phishing protection. Additionally, organizations can implement our benchmark framework to test their PEDS against adversarial perturbations.

Original languageEnglish (US)
Title of host publication29th Annual Americas Conference on Information Systems, AMCIS 2023
PublisherAssociation for Information Systems
ISBN (Electronic)9781713893592
StatePublished - 2023
Event29th Annual Americas Conference on Information Systems: Diving into Uncharted Waters, AMCIS 2023 - Panama City, Panama
Duration: Aug 10 2023Aug 12 2023

Publication series

Name29th Annual Americas Conference on Information Systems, AMCIS 2023

Conference

Conference29th Annual Americas Conference on Information Systems: Diving into Uncharted Waters, AMCIS 2023
Country/TerritoryPanama
CityPanama City
Period8/10/238/12/23

Keywords

  • Information security and privacy
  • Phishing detection
  • artificial intelligence
  • benchmarking
  • cybersecurity

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Library and Information Sciences
  • Information Systems

Fingerprint

Dive into the research topics of 'Benchmarking the Robustness of Phishing Email Detection Systems'. Together they form a unique fingerprint.

Cite this