Attacking Logo-based Phishing Website Detectors with Adversarial Perturbations

Conference 28th European Symposium On Research In Computer Security

The Hague, Netherlands

Oneliner: We propose and evade transformers for logo-identification, and validate our attack with user-studies.

Attending ESORICS’23 was almost a deja-vu: first, because it was held in the same location (the “Babylon Conference Centre”) which hosted one of the Hackatons for the ASGARD project (which I attended in 2019); second, because I was in Delft just a few months before for EuroS&P’23. Regardless, it was the first time I attended ESORICS: compared to EuroS&P, I found it to be a much more “mature” conference. While at EuroS&P the audience appeared (at least to me) to be more “research-oriented” (with plenty of PhD students), the attendees of ESORICS leaned more towards the senior side—with many industry practitioners among their ranks (with whom I had the pleasure to exchange many opinions!).

Regardless, I enjoyed giving this talk—which inspired a lot of questions (both during and after the session). Yet, if anyone is reading this text, I must re-emphasize a crucial fact: most of the effort behind this paper was put by the first three authors (two of them being BSc. students!).

Slides Paper Artifact (Code) Venue