Add some metrics for Client Side Phishing Detection

Based on some recent problems with the Client Side Phishing system, we could use a few more high-level metrics. This CL adds three such metrics: - Whether the local model identifies phishing or not, on every classification - Whether the server-side models identify phishing or not, every time we contact Safe Browsing. This can also be used to determine total pings sent to Safe Browsing. - What the current model version is. While this is indirectly controlled by the Finch config, measuring it directly can detect mistakes made in the config or on the server-side. Fixed: 1128205 Change-Id: Ia3e3036c7ce2dc9e3e6814bd626897ca0d055698 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2416063Reviewed-by: Bettina Dea <bdea@chromium.org> Reviewed-by: Brian White <bcwhite@chromium.org> Commit-Queue: Daniel Rubery <drubery@chromium.org> Cr-Commit-Position: refs/heads/master@{#808575}

Add some metrics for Client Side Phishing Detection
Based on some recent problems with the Client Side Phishing system, we could use a few more high-level metrics. This CL adds three such metrics: - Whether the local model identifies phishing or not, on every classification - Whether the server-side models identify phishing or not, every time we contact Safe Browsing. This can also be used to determine total pings sent to Safe Browsing. - What the current model version is. While this is indirectly controlled by the Finch config, measuring it directly can detect mistakes made in the config or on the server-side. Fixed: 1128205 Change-Id: Ia3e3036c7ce2dc9e3e6814bd626897ca0d055698 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2416063Reviewed-by: Bettina Dea <bdea@chromium.org> Reviewed-by: Brian White <bcwhite@chromium.org> Commit-Queue: Daniel Rubery <drubery@chromium.org> Cr-Commit-Position: refs/heads/master@{#808575}
04f8462e · Daniel Rubery · Commit Bot · f278c33c · 04f8462e · 04f8462e
Commit 04f8462e authored Sep 18, 2020 by Daniel Rubery Committed by Commit Bot Sep 18, 2020
3 changed files
--- a/chrome/browser/safe_browsing/client_side_detection_host.cc
+++ b/chrome/browser/safe_browsing/client_side_detection_host.cc
@@ -504,6 +504,9 @@ void ClientSideDetectionHost::PhishingDetectionDone(
      verdict->clear_phash_dimension_size();
    }

+    base::UmaHistogramBoolean("SBClientPhishing.LocalModelDetectsPhishing",
+                              verdict->is_phishing());
+
    // We only send phishing verdict to the server if the verdict is phishing or
    // if a SafeBrowsing interstitial was already shown for this site.  E.g., a
    // phishing interstitial was shown but the user clicked
@@ -525,6 +528,8 @@ void ClientSideDetectionHost::PhishingDetectionDone(
 void ClientSideDetectionHost::MaybeShowPhishingWarning(GURL phishing_url,
                                                       bool is_phishing) {
  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  base::UmaHistogramBoolean("SBClientPhishing.ServerModelDetectsPhishing",
+                            is_phishing);
  if (is_phishing) {
    DCHECK(web_contents());
    if (ui_manager_.get()) {

--- a/chrome/browser/safe_browsing/client_side_model_loader.cc
+++ b/chrome/browser/safe_browsing/client_side_model_loader.cc
@@ -11,6 +11,7 @@
 #include "base/files/file_path.h"
 #include "base/location.h"
 #include "base/memory/weak_ptr.h"
+#include "base/metrics/histogram_functions.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
@@ -251,6 +252,8 @@ void ModelLoader::OnURLLoaderComplete(
    model_str_.assign(data);
    model_.swap(model);
    model_status = MODEL_SUCCESS;
+    base::UmaHistogramSparse("SBClientPhishing.ClientModelVersionFetched",
+                             model_->version());
  }
  EndFetch(model_status, max_age);
 }

--- a/tools/metrics/histograms/histograms.xml
+++ b/tools/metrics/histograms/histograms.xml
@@ -151398,6 +151398,16 @@ Safe Browsing lookups, which is critical for security. -->
  </summary>
 </histogram>

+<histogram name="SBClientPhishing.ClientModelVersionFetched" units="version"
+    expires_after="2021-09-17">
+  <owner>drubery@chromium.org</owner>
+  <owner>chrome-safebrowsing-alerts@google.com</owner>
+  <summary>
+    Records the version of the local phishing detection model fetched. This
+    histogram is logged each time we load a model.
+  </summary>
+</histogram>
+
 <histogram name="SBClientPhishing.DOMFeatureChunkTime" units="ms"
    expires_after="M77">
  <owner>gab@chromium.org</owner>
@@ -151497,6 +151507,17 @@ Safe Browsing lookups, which is critical for security. -->
  </summary>
 </histogram>

+<histogram name="SBClientPhishing.LocalModelDetectsPhishing"
+    enum="BooleanIsPhishing" expires_after="2021-09-17">
+  <owner>drubery@chromium.org</owner>
+  <owner>chrome-safebrowsing-alerts@google.com</owner>
+  <summary>
+    Records whether the local phishing detection model detects phishing. This
+    histogram is logged each time the model is run (roughly on every navigation
+    to a non-allowlisted site)
+  </summary>
+</histogram>
+
 <histogram name="SBClientPhishing.PageCapturedMatchesBrowserURL"
    enum="BooleanMatched" expires_after="2021-01-27">
  <owner>drubery@chromium.org</owner>
@@ -151602,6 +151623,17 @@ Safe Browsing lookups, which is critical for security. -->
  </summary>
 </histogram>

+<histogram name="SBClientPhishing.ServerModelDetectsPhishing"
+    enum="BooleanIsPhishing" expires_after="2021-09-17">
+  <owner>drubery@chromium.org</owner>
+  <owner>chrome-safebrowsing-alerts@google.com</owner>
+  <summary>
+    Records whether the server-side phishing detection model detects phishing.
+    This histogram is logged each time we contact Safe Browsing to evaluate
+    whether a site is phishing.
+  </summary>
+</histogram>
+
 <histogram name="SBClientPhishing.SkipClassificationReason"
    enum="SBClientPhishingSkipClassificationReason" expires_after="2020-02-16">
  <obsolete>