About us: Our team comprises two data scientists from the Technology Research team at Kaspersky, who are working on, among other things, Machine Learning (ML) based phishing detection technologies. Here’s how we achieved first place in the phishing track of the Machine Learning Security Evasion Competition, sponsored by Microsoft and partners CUJO AI, NVIDIA, VMRay, and MRG Effitas.
The task was to modify 10 (synthetic) phishing samples to make seven phishing detection models believe these samples were benign. A model was bypassed if it returned a probability of less than 0.1
for each sample. However, there was a catch: after modifications, the samples needed to look the same as before (or to be precise, screenshots of the renders should have the same hashes for both the original and the modified html file).
Models were available via an API, that is the setting was black-box. To win, you needed to fool as many models as possible for each sample, maki