DeepPhish: Simulating malicious AI
Download as PPTX, PDF3 likes2,839 views
Cyxtera Technologies is focused on cybersecurity, utilizing AI to classify and predict phishing attacks with over 98% accuracy. Their research includes understanding patterns of attackers to enhance detection systems and simulate malicious AI scenarios. The findings indicate that AI significantly improves the efficiency of cyber attacks, necessitating advanced defensive strategies.
DeepPhish: Simulating malicious AI
- 1. DeepPhish Simulating Malicious AI IvanTorroledo – Lead Data Scientist Alejandro Correa Bahnsen –VP, Research Luis Camacho – Lead Research Data Architect
- 2. CYXTERA TECHNOLOGIES 2 Portfolio of cybersecurity software and services Intelligent and adaptive Cloud-native and hybrid-ready Global colocation leader 57 data centers in 29 global markets 2.6M sq. feet of data center space 195 megawatts of power 3,500 customers 1,100 employees Headquartered in Miami with offices globally Experienced leadership in infrastructure and security CyxteraTechnologies
- 3. CYXTERA TECHNOLOGIES 3 80 % of cyber crimes are being committed by sophisticated attackers The total USA market for cyber insurance is 3B in 2017
- 6. CYXTERA TECHNOLOGIES AI to Classify Phishing URLs 6 Identify & Classify Malicious URLs and Domains with Prediction - Not Blacklists. The system calculates the probability of a URL being used to host a phishing attacks using Deep Neural Networks. It correctly classify URLs with over 98% of accuracy.
- 7. CYXTERA TECHNOLOGIES Long-Short Term Memory Networks 7 URL h t t p : / / w w w . p a p a y a . c o m One hot Encoding … … … … … … … … … … … … … … … … … … … … … Embedding 3.2 1.2 … 1.7 6.4 2.3 … 2.6 6.4 3.0 … 1.7 3.4 2.6 … 3.4 2.6 3.8 … 2.6 3.5 3.2 … 6.4 1.7 4.2 … 6.4 8.6 2.4 … 6.4 4.3 2.9 … 6.4 2.2 3.4 … 3.4 3.2 2.6 … 2.6 4.2 2.2 … 3.5 2.4 3.2 … 1.7 2.9 1.7 … 8.6 3.0 6.4 … 2.6 2.6 6.4 … 3.8 3.8 3.4 … 3.2 3.3 2.6 … 2.2 3.1 2.2 … 2.9 1.8 3.2 … 3.0 2.5 6.4 … 2.6 LSTM LSTM LSTM LSTM Sigmoid …
- 11. CYXTERA TECHNOLOGIES The Experiment Process Identify individual threat actors Ran them through our own AI detection system Improved their attacks using AI
- 12. CYXTERA TECHNOLOGIES Uncovering Threat Actors 12 Objective: We want to understand effective patterns of each attacker to improve them through a AI model As we can not know them directly, we must learn from them through their attacks Database with 1.1M confirm phishing URLs collected from Phishtank
- 13. CYXTERA TECHNOLOGIES Threat Actor 1 13 naylorantiques.com 406 URLs http://naylorantiques.com/components/com_contact/vi ews/contact/tmpl/62 http://naylorantiques.com/docs/Auto/Atendimento/5BB ROPI6S3 http://naylorantiques.com/Atualizacao Segura/pictures/XG61YYMT_FXW0PWR8_5P2O7T2U_P9H NDPQR/ http://naylorantiques.com/zifn3p72bsifn9hx9ldecd8jzl2f0 xlwf8f http://www.naylorantiques.com/JavaScript/charset=iso- 8859-1/http-equiv/margin-bottom Keywords atendimento, jsf, identificacao, ponents, views, TV, mail, SHOW, COMPLETO, VILLA, MIX, ufi, pnref, story, tryy2ilr, Autentico 106 domains naylorantiques.com, netshelldemos.com, debbiebright.co.z, waldronfamilygppractice.co.uk , avea-vacances.com , psncodes2013.com uni5.net , 67.228.96.204, classificadosmaster.com.br, ibjjf.org Visual Check Check in database Visual Check
- 14. CYXTERA TECHNOLOGIES Threat Actor 2 14 vopus.org 13 URLs http://www.vopus.org/es/images/cursos/thumbs/tdcanadatr ust http://www.vopus.org/ru/media/tdcanadatrust/index.html http://vopus.org/common/index.htm http://www.vopus.org/es/images/cursos/thumbs/tdcanadatr ust/index.html http://vopus.org/descargas/otros/tdcanadatrust/index.html Keyword tdcanadatrust/index.html 19 domains friooptimo.com, kramerelementary.org, kalblue.com, vopus.org, artwood.co.kr, stephenpizzuti.com, heatherthinks.com, corvusseo.com, natikor.by, optioglobal.com, backfire.se, fncl.ma, greenant.de, mersintenisakademisi.com, cavtel.net Visual Check Check in database Visual Check
- 15. CYXTERA TECHNOLOGIES Threat Actors Efficiency 15 0.24% 0.69% 4.91% All Attacks (1,146,441) Threat Actor 1 (1,009) Threat Actor 2 (102)
- 17. CYXTERA TECHNOLOGIES DeepPhish Algorithm - Training 17 Non Effective URLs Effective URLs Encoding … … … … … Model Az Rolling Window Concatenate andcreate Transform Train http://www.naylorantiques.com/content/centrais/fone_facil http://kisanart.com/arendivento/menu-opcoes-fone-facil/ http://naylorantiques.com/atendimento/menu-opcoes-fone-facil/3 http://www.naylorantiques.com/content/centr ais/fone_facilhttp://kisanart.com/arendivento/ menu-opcoes-fone- facil/http://naylorantiques.com/atendimento/ menu-opcoes-fone-facil/3
- 18. CYXTERA TECHNOLOGIES DeepPhish LSTM Network 18 URL h t t p : / / w w w . p a p a y a . c o m One hot Encoding … … … … … … … … … … … … … … … … … … … … … LSTM LSTM LSTM LSTM Softmax … tanH tanH tanH tanH …
- 19. CYXTERA TECHNOLOGIES DeepPhish Algorithm – Prediction 19 Compromised Domains Allowed Paths + Model Filterpaths Predict Next Character Iteratively Synthetic URLs /arendipemto/nenu-opcines-fone-facil vfone/faci/Atondime+ http:// + www.naylorantiques.com + /arendipemto/nenu-opcines-fone-facilvone/facil/Atondime Create
- 20. CYXTERA TECHNOLOGIES Simulating Malicious AI using DeepPhish 20 We selected the two most effective threat actors.With each subsample of effective URLs by threat actor, we implemented DeepPhish algorithm.
- 21. CYXTERA TECHNOLOGIES TraditionalAttacksvs.AI-DrivenAttacks 21 0.69% 20.90% Traditional DeepPhish 4.91% 36.28% Traditional DeepPhish Threat Actor 1 Threat Actor 2
- 22. CYXTERA TECHNOLOGIES Takeaways! 22 AIenhancesattackersefficiencies ML and AI driven detection systems Deep Adversarial Learning Relentless monitoring Multi-layered approach to anti- fraud
- 23. CYXTERA TECHNOLOGIES 23 The Power of Adversary AI More & Better Phishing Attacks Increasingly Powerful Self-Spreading Malware Weaken Authentication Controls Cheat Rule-based Transaction Monitoring
- 24. CYXTERA TECHNOLOGIES 24 1-Minute ResearchVideo Brief 2 Page Research Summary Slides (Extended Version) Academic paper AIvs.AI:CanPredictiveModelsStoptheTideofHackerAI? www.easysol.net/ai-project
- 25. www.cyxtera.com IvanTorroledo – ivan.torroledo@cyxtera.com Alejandro Correa Bahnsen – alejandro.correa@cyxtera.com Luis Camacho – luis.camacho@cyxtera.com
Editor's Notes
- #4: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #5: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #7: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #10: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #13: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #14: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #15: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #16: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #18: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #20: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #21: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
- #23: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.