Although machine learning-based anti-phishing detectors have provided promising results in phishing website detection, they remain vulnerable to evasion attacks. The Machine Learning Security Evasion Competition 2022 (MLSEC 2022) provides researchers and practitioners with the opportunity to deploy evasion attacks against anti-phishing machine learning models in real-world settings. In this field note, we share our experience participating in MLSEC 2022. We manipulated the source code of ten phishing HTML pages provided by the competition using obfuscation techniques to evade anti-phishing models. Our evasion attacks employing a benign overlap strategy achieved third place in the competition with 46 out of a potential 80 points. The results of our MLSEC 2022 performance can provide valuable insights for research seeking to robustify machine learning-based anti-phishing detectors.

Machine learning-based anti-phishing detectors are widely deployed to protect users from malicious websites. This paper presents a reinforcement learning approach to generate adversarial phishing websites that can evade these detectors, revealing potential vulnerabilities in current defense mechanisms and informing the development of more robust detection systems.

Email phishing remains a persistent cybersecurity threat despite advances in technical defenses. This paper presents an explainable nudging approach for email phishing prevention, combining AI-driven threat detection with human-centric interventions. Drawing on research in behavioral economics and warning science, we develop and evaluate nudging mechanisms that help users recognize and avoid phishing attempts through interpretable warnings and educational cues. Our approach addresses the need for transparency in security systems while promoting long-term user learning beyond immediate threat detection.

Machine learning-based phishing website detectors are increasingly deployed to protect users from malicious websites. However, these detectors remain vulnerable to adversarial evasion attacks. This paper presents an action-masked reinforcement learning approach for automated red teaming to systematically evaluate the robustness of these detectors, identifying vulnerabilities that adversaries could exploit to evade detection and informing the development of more robust defense mechanisms.

This teaching case examines a deepfake video call scam that targeted Pan-Asia Trading, illustrating the emerging cybersecurity threats posed by AI-generated synthetic media. The case provides students with a hands-on opportunity to analyze the attack vectors, organizational vulnerabilities, and defensive strategies against deepfake-enabled social engineering attacks.

The accelerated growth of computing technologies has provided interdisciplinary teams a platform for producing innovative research at an unprecedented speed. Advanced scientific cyberinfrastructures, in particular, provide data storage, applications, software, and other resources to facilitate the development of critical scientific discoveries. Users of these environments often rely on custom developed virtual machine (VM) images that are comprised of a diverse array of open source applications. These can include vulnerabilities undetectable by conventional vulnerability scanners. This research aims to identify the installed applications, their vulnerabilities, and how they vary across images in scientific cyberinfrastructure. We propose a novel unsupervised graph embedding framework that captures relationships between applications, as well as vulnerabilities identified on corresponding GitHub repositories. This embedding is used to cluster images with similar applications and vulnerabilities. We evaluate cluster quality using Silhouette, Calinski-Harabasz, and Davies-Bouldin indices, and application vulnerabilities through inspection of selected clusters. Results reveal that images pertaining to genomics research in our research testbed are at greater risk of high-severity shell spawning and data validation vulnerabilities.

Common Vulnerabilities and Exposures (CVEs) are used by cybersecurity analysts, networks, and endpoints managers to identify and address system vulnerabilities. The MITRE ATT&CK framework provides mitigation techniques for malicious tactics and can assist organizations in addressing their vulnerabilities. This paper presents a CVE Transformer (CVET) that uses fine-tuning and self-knowledge distillation to automatically link CVEs to relevant ATT&CK tactics, enabling more efficient threat assessment and prioritization of vulnerability remediation efforts.

Paste sites serve as repositories for sharing code snippets, including malicious exploit code. Understanding how these exploits map to known attack techniques is crucial for threat intelligence. This paper presents a multi-label transformer approach to automatically map exploit code found on paste sites to the MITRE ATT&CK framework, enabling security analysts to quickly understand the potential impact and techniques employed by attackers.

Ransomware attacks continue to pose significant threats to organizations worldwide, with attackers often demanding payment in Bitcoin. This paper presents a graph embedding approach to identify and disrupt ransomware actors on the Bitcoin blockchain by analyzing transaction patterns and wallet relationships, enabling proactive intervention strategies.

Infrastructure as Code (IaC) has become essential for modern DevOps practices, enabling automated provisioning and management of cloud infrastructure. However, security vulnerabilities and misconfigurations in IaC scripts pose significant risks to organizations. This paper explores the application of large language models (LLMs) for automatically detecting and remediating vulnerabilities in IaC configurations. We evaluate the effectiveness of LLMs in identifying security weaknesses and generating secure code fixes, advancing automated security solutions for cloud infrastructure management.