32 research outputs found
Exploring the Dark Side of AI: Advanced Phishing Attack Design and Deployment Using ChatGPT
This paper explores the possibility of using ChatGPT to develop advanced
phishing attacks and automate their large-scale deployment. We make ChatGPT
generate the following parts of a phishing attack: i) cloning a targeted
website, ii) integrating code for stealing credentials, iii) obfuscating code,
iv) automating website deployment on a hosting provider, v) registering a
phishing domain name, and vi) integrating the website with a reverse proxy. The
initial assessment of the automatically generated phishing kits highlights
their rapid generation and deployment process as well as the close resemblance
of the resulting pages to the target website. More broadly, we demonstrate that
recent advances in AI underscore the potential risks of its misuse in phishing
attacks, which can lead to their increased prevalence and severity. This
highlights the necessity for enhanced countermeasures within AI systems
Phishing Sites Detection from a Web Developer’s Perspective Using Machine Learning
The Internet has enabled unprecedented communication and new technologies. Concomitantly, it has brought the bane of phishing and exacerbated vulnerabilities. In this paper, we propose a model to detect phishing webpages from a web developer’s perspective. From this standpoint, we design 120 novel features based on content from a webpage, four time-based and two search-based novel features, plus we use 34 other content-based and 11 heuristic features to optimize the model. Moreover, we select Random Committee (Base learner: Random Tree) for our framework since it has the best performance after comparing with six other algorithms: Hellinger Distance Decision Tree, SVM, Logistic Regression, J48, Naive Bayes, and Random Forest. In real-time experiments, the model achieved 99.4% precision and 98.3% MCC with 0.1% false positive rate in 5-fold crossvalidation using the realistic scenario of an unbalanced dataset