Artificial intelligence in the cyber domain: Offense and defense

Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense.Web of Science123art. no. 41

Prevention of Phishing Attacks Using AI-Based Cybersecurity Awareness Training

Machine learning has been described as an effective measure in avoiding most cyberattacks. The development of AI has therefore promoted increased security for most computer attacks. Phishing attacks are risky and can be prevented through AI-based solutions. This factor suggests the need for increased awareness of cybersecurity through AI. Developing awareness for most people will prevent these types of attacks. The research paper describes how the awareness of AI-based cybersecurity could ensure a reduction of phishing attacks. The paper, therefore, showcases the effectiveness of AI-based cybersecurity awareness training and how it may influence cyber-attacks

Analyzing Social and Stylometric Features to Identify Spear phishing Emails

Spear phishing is a complex targeted attack in which, an attacker harvests information about the victim prior to the attack. This information is then used to create sophisticated, genuine-looking attack vectors, drawing the victim to compromise confidential information. What makes spear phishing different, and more powerful than normal phishing, is this contextual information about the victim. Online social media services can be one such source for gathering vital information about an individual. In this paper, we characterize and examine a true positive dataset of spear phishing, spam, and normal phishing emails from Symantec's enterprise email scanning service. We then present a model to detect spear phishing emails sent to employees of 14 international organizations, by using social features extracted from LinkedIn. Our dataset consists of 4,742 targeted attack emails sent to 2,434 victims, and 9,353 non targeted attack emails sent to 5,912 non victims; and publicly available information from their LinkedIn profiles. We applied various machine learning algorithms to this labeled data, and achieved an overall maximum accuracy of 97.76% in identifying spear phishing emails. We used a combination of social features from LinkedIn profiles, and stylometric features extracted from email subjects, bodies, and attachments. However, we achieved a slightly better accuracy of 98.28% without the social features. Our analysis revealed that social features extracted from LinkedIn do not help in identifying spear phishing emails. To the best of our knowledge, this is one of the first attempts to make use of a combination of stylometric features extracted from emails, and social features extracted from an online social network to detect targeted spear phishing emails.Comment: Detection of spear phishing using social media feature

Trademark Vigilance in the Twenty-First Century: An Update

The trademark laws impose a duty upon brand owners to be vigilant in policing their marks, lest they be subject to the defense of laches, a reduced scope of protection, or even death by genericide. Before the millennium, it was relatively manageable for brand owners to police the retail marketplace for infringements and counterfeits. The Internet changed everything. In ways unforeseen, the Internet has unleashed a tremendously damaging cataclysm upon brands—online counterfeiting. It has created a virtual pipeline directly from factories in China to the American consumer shopping from home or work. The very online platforms that make Internet shopping so convenient, and that have enabled brands to expand their sales, have exposed buyers to unwittingly purchasing fake goods which can jeopardize their health and safety as well as brand reputation. This Article updates a 1999 panel discussion titled Trademark Vigilance in the Twenty-First Century, held at Fordham Law School, and explains all the ways in which vigilance has changed since the Internet has become an inescapable feature of everyday life. It provides trademark owners with a road map for monitoring brand abuse online and solutions for taking action against infringers, counterfeiters and others who threaten to undermine brand value

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records---collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used to perform a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community.Comment: ACM CCS 1

Leveraging Artificial Intelligence to Strengthen Human Resilience Against Phishing Attacks

Phishing attacks are a major cybersecurity threat, tricking people with fake emails, scam websites, and social engineering tactics. As these attacks become more advanced, traditional security measures are no longer enough to stop them. This paper looks at how Artificial Intelligence (AI) can help detect and prevent phishing while also making people more aware of these threats. Using machine learning (ML), natural language processing (NLP), and behavioral analysis, AI can examine email content, sender behavior, and metadata to spot phishing attempts. AI-powered cybersecurity training can also teach people to recognize and respond to phishing by using personalized phishing tests and tracking user behavior to find those most at risk. This paper is based on a review of existing research on AI-driven phishing detection and human factors in cybersecurity. It brings together information from academic studies, industry reports, and case studies to explore how AI helps stop phishing and what challenges it faces. However, this study has some limitations since it relies only on past research and does not include new experiments or firsthand testing of AI security tools. Also, while AI can improve phishing detection, its success depends on the quality of training data and how attackers change their tactics. This paper concludes that the best way to improve cybersecurity is by combining AI-based security with user education and strong security policies