ChatSpamDetector: Leveraging Large Language Models for Effective Phishing Email Detection

USENIX Security 2023

to do this properly, you need more resources: The hidden costs of introducing simulated phishing campaigns

L. Brunken, A. Buckmann, J. Hielscher, M.A. Sasse

Published: 2023

14th IEEE Annual Computing and Communication Workshop and Conference, CCWC 2024

Can AI keep you safe? A study of large language models for phishing detection

R. Chataut, P.K. Gyawali, Y. Usman

Published: 2024

2017 IEEE International Conference on Software Quality, Reliability and Security Companion

A content-based phishing email detection method

H. Che, Q. Liu, L. Zou, H. Yang, D. Zhou, F. Yu

Published: 2017

28th USENIX Security Symposium

High precision detection of business email compromise

A. Cidon, L. Gavish, I. Bleier, N. Korshun, M. Schweighauser, A. Tsitkin

Published: 2019

NDSS 2007

Phinding phish: An evaluation of anti-phishing toolbars

L.F. Cranor, S. Egelman, J.I. Hong, Y. Zhang

Published: 2007

Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018

Reading between the lines: Content-agnostic detection of spear-phishing emails

H. Gascon, S. Ullrich, B. Stritter, K. Rieck

Published: 2018

Gemini API

Google Cloud

Published: 2024

An overview of Gmail’s spam filters

Google Workspace Blog

Published: 2024

2018 Workshop Usable Security

User context: an explanatory variable in phishing susceptibility

K.K. Greene, M. Steves, M. Theofanos, J. Kostick

Published: 2018

IEEE Trans. Dependable Secur. Comput.

Learning from the ones that got away: Detecting new forms of phishing attacks

C.N. Gutierrez, T. Kim, R.D. Corte, J. Avery, D. Goldwasser, M. Cinque, S. Bagchi

Published: 2018

31st Annual ACM Symposium on Applied Computing

Accurate spear phishing campaign attribution and early detection

Y. Han, Y. Shen

Published: 2016

IEEE Access

Devising and detecting phishing emails using large language models

F. Heiding, B. Schneier, A. Vishwanath, J. Bernstein, P.S. Park

Published: 2024

arxiv

被引用数 1

USENIX Security Symposium

Cognitive Triaging of Phishing Attacks

Amber van der Heijden, Luca Allodi

Published: 2019.5.7

In this paper we employ quantitative measurements of cognitive vulnerability triggers in phishing emails to predict the degree of success of an attack. To achieve this we rely on the cognitive psychology literature and develop an automated and fully quantitative method based on machine learning and econometrics to construct a triaging mechanism built around the cognitive features of a phishing email; we showcase our approach relying on data from the anti-phishing division of a large financial organization in Europe. Our evaluation shows empirically that an effective triaging mechanism for phishing success can be put in place by response teams to effectively prioritize remediation efforts (e.g. domain takedowns), by first acting on those attacks that are more likely to collect high response rates from potential victims.

攻撃シナリオ分析ポイズニングデータ収集手法

28th USENIX Security Symposium (USENIX Security 19)

Detecting and characterizing lateral phishing at scale

Grant Ho, Asaf Cidon, Lior Gavish, Marco Schweighauser, Vern Paxson, Stefan Savage, Geoffrey M Voelker, David Wagner

Published: 2019

27th USENIX Security Symposium

End-to-end measurements of email spoofing attacks

H. Hu, G. Wang

Published: 2018

Usable Security and Privacy (USEC) Symposium

Pickmail: a serious game for email phishing awareness training

G. Jayakrishnan, V. Banahatti, S. Lodha

Published: 2022

arxiv

被引用数 1

ACM Asia Conference on Computer and Communications Security (AsiaCCS)

Email Summarization to Assist Users in Phishing Identification

Amir Kashapov, Tingmin Wu, Alsharif Abuadbba, Carsten Rudolph

Published: 2022.3.25

Cyber-phishing attacks recently became more precise, targeted, and tailored by training data to activate only in the presence of specific information or cues. They are adaptable to a much greater extent than traditional phishing detection. Hence, automated detection systems cannot always be 100% accurate, increasing the uncertainty around expected behavior when faced with a potential phishing email. On the other hand, human-centric defence approaches focus extensively on user training but face the difficulty of keeping users up to date with continuously emerging patterns. Therefore, advances in analyzing the content of an email in novel ways along with summarizing the most pertinent content to the recipients of emails is a prospective gateway to furthering how to combat these threats. Addressing this gap, this work leverages transformer-based machine learning to (i) analyze prospective psychological triggers, to (ii) detect possible malicious intent, and (iii) create representative summaries of emails. We then amalgamate this information and present it to the user to allow them to (i) easily decide whether the email is "phishy" and (ii) self-learn advanced malicious patterns.

メールセキュリティ防御手法ビジネスメール詐欺

CoRR

Detecting phishing sites using chatgpt

T. Koide, N. Fukushi, H. Nakano, D. Chiba

Published: 2023

Advances in neural information processing systems

Large language models are zero-shot reasoners

Takeshi Kojima, Shixiang Shane Gu, Machel Reid, Yutaka Matsuo, Yusuke Iwasawa

Published: 2022

RFC 6376

DomainKeys Identified Mail (DKIM) Signatures

M. Kucherawy, D. Crocker, T. Hansen

Published: 2011

RFC 7489

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

M. Kucherawy, E. Zwicky

Published: 2015

IEEE European Symposium on Security and Privacy, EuroS&P

D-fence: A flexible, efficient, and comprehensive phishing email detection system

J. Lee, F. Tang, P. Ye, F. Abbasi, P. Hay, D.M. Divakaran

Published: 2021

IEEE Trans. Big Data

LSTM based phishing detection for big email data

Q. Li, M. Cheng, J. Wang, B. Sun

Published: 2022

Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023

Understanding the viability of gmail’s origin indicator for identifying the sender

E. Liu, L. Sun, A. Bellon, G. Ho, G.M. Voelker, S. Savage, I.N.S. Munyaka

Published: 2023

Azure OpenAI Service

Microsoft Azure

Published: 2024

Overview of the Junk Email Filter

Microsoft Support

Published: 2024

Clust. Comput.

An intelligent cyber security phishing detection system using deep learning techniques

A. Mughaid, S. AlZu’bi, A. Hnaif, S. Taamneh, A. Alnajjar, E.A. Elsoud

Published: 2022

RAID ’21

CADUE: content-agnostic detection of unwanted emails for enterprise security

M. Nabeel, E. Altinisik, H. Sun, I. Khalil, W.H. Wang, T. Yu

Published: 2021

USEC 2023

“i didn’t click”: What users say when reporting phishing

N. Pilavakis, A. Jenkins, N. Kökciyan, K. Vaniea

Published: 2023

CODASPY ’22: Twelveth ACM Conference on Data and Application Security and Privacy

Leveraging synthetic data and PU learning for phishing email detection

F.Z. Qachfar, R.M. Verma, A. Mukherjee

Published: 2022

Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)

An investigation of phishing awareness and education over time: When and how to best remind users

Benjamin Reinheimer, Lukas Aldag, Peter Mayer, Mattia Mossano, Reyhan Duezguen, Bettina Lofthouse, Tatiana Von Landesberger, Melanie Volkamer

Published: 2020

AISec 2022

Context-based clustering to mitigate phishing attacks

T. Saka, K. Vaniea, N. Kökciyan

Published: 2022

RFC 4408

Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1

W. Schlitt, M.W. Wong

Published: 2006

Internet-draft

Brand Indicators for Message Identification (BIMI)

Seth Blank

Published: 2023

30th USENIX Security Symposium

Weak links in authentication chains: A large-scale analysis of email sender spoofing attacks

K. Shen, C. Wang, M. Guo, X. Zheng, C. Lu, B. Liu, Y. Zhao, S. Hao, H. Duan, Q. Pan, M. Yang

Published: 2021

Evaluating the performance of chatgpt for spam email detection

S. Si, Y. Wu, L. Tang, Y. Zhang, J. Wosik

Published: 2024

IMC ’20

Who is targeted by email-based phishing and malware?: Measuring factors that differentiate risk

C. Simoiu, A. Zand, K. Thomas, E. Bursztein

Published: 2020

SN Comput. Sci.

Phishing email detection based on binary search feature selection

G. Sonowal

Published: 2020

21th USENIX Security Symposium

B@bel: Leveraging email delivery for spam mitigation

G. Stringhini, M. Egele, A. Zarras, T. Holz, C. Kruegel, G. Vigna

Published: 2012

Chain-of-thought prompting elicits reasoning in large language models

J. Wei, X. Wang, D. Schuurmans, M. Bosma, B. Ichter, F. Xia, E. Chi, Q. Le, D. Zhou

Published: 2023

A prompt pattern catalog to enhance prompt engineering with chatgpt.

J. White, Q. Fu, S. Hays, M. Sandborn, C. Olea, H. Gilbert, A. Elnashar, J. Spencer-Smith, D. C. Schmidt

Published: 2023

PAM 2023

A first look at brand indicators for message identification (BIMI)

M. Yajima, D. Chiba, Y. Yoneya, T. Mori

Published: 2023

SOUPS 2022

Presenting suspicious details in user-facing e-mail headers does not improve phishing detection

S.Y. Zheng, I. Becker

Published: 2022

SOUPS 2023

Checking, nudging or scoring? evaluating e-mail user security tools

S.Y. Zheng, I. Becker

Published: 2023

ACM Trans. Priv. Secur.

Sok: Human-centered phishing susceptibility

S. Zhuo, R. Biddle, Y.S. Koh, D.M. Lottridge, G. Russello

Published: 2023