PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain Names

Domain squatting is a technique used by attackers to create domain names for phishing sites. In recent phishing attempts, we have observed many domain names that use multiple techniques to evade existing methods for domain squatting. These domain names, which we call generated squatting domains (GSDs), are quite different in appearance from legitimate domain names and do not contain brand names, making them difficult to associate with phishing. In this paper, we propose a system called PhishReplicant that detects GSDs by focusing on the linguistic similarity of domain names. We analyzed newly registered and observed domain names extracted from certificate transparency logs, passive DNS, and DNS zone files. We detected 3,498 domain names acquired by attackers in a four-week experiment, of which 2,821 were used for phishing sites within a month of detection. We also confirmed that our proposed system outperformed existing systems in both detection accuracy and number of domain names detected. As an in-depth analysis, we examined 205k GSDs collected over 150 days and found that phishing using GSDs was distributed globally. However, attackers intensively targeted brands in specific regions and industries. By analyzing GSDs in real time, we can block phishing sites before or immediately after they appear.Comment: Accepted at ACSAC 202

Detecting Phishing Sites Using ChatGPT

The rise of large language models (LLMs) has had a significant impact on various domains, including natural language processing and artificial intelligence. While LLMs such as ChatGPT have been extensively researched for tasks such as code generation and text synthesis, their application in detecting malicious web content, particularly phishing sites, has been largely unexplored. To combat the rising tide of automated cyber attacks facilitated by LLMs, it is imperative to automate the detection of malicious web content, which requires approaches that leverage the power of LLMs to analyze and classify phishing sites. In this paper, we propose a novel method that utilizes ChatGPT to detect phishing sites. Our approach involves leveraging a web crawler to gather information from websites and generate prompts based on this collected data. This approach enables us to detect various phishing sites without the need for fine-tuning machine learning models and identify social engineering techniques from the context of entire websites and URLs. To evaluate the performance of our proposed method, we conducted experiments using a dataset. The experimental results using GPT-4 demonstrated promising performance, with a precision of 98.3% and a recall of 98.4%. Comparative analysis between GPT-3.5 and GPT-4 revealed an enhancement in the latter's capability to reduce false negatives. These findings not only highlight the potential of LLMs in efficiently identifying phishing sites but also have significant implications for enhancing cybersecurity measures and protecting users from the dangers of online fraudulent activities

Modeling of DNA binding to the condensin hinge domain using molecular dynamics simulations guided by atomic force microscopy

The condensin protein complex compacts chromatin during mitosis using its DNA-loop extrusion activity. Previous studies proposed scrunching and loop-capture models as molecular mechanisms for the loop extrusion process, both of which assume the binding of double-strand (ds) DNA to the hinge domain formed at the interface of the condensin subunits Smc2 and Smc4. However, how the hinge domain contacts dsDNA has remained unknown. Here, we conducted atomic force microscopy imaging of the budding yeast condensin holo-complex and used this data as basis for coarse-grained molecular dynamics simulations to model the hinge structure in a transient open conformation. We then simulated the dsDNA binding to open and closed hinge conformations, predicting that dsDNA binds to the outside surface when closed and to the outside and inside surfaces when open. Our simulations also suggested that the hinge can close around dsDNA bound to the inside surface. Based on these simulation results, we speculate that the conformational change of the hinge domain might be essential for the dsDNA binding regulation and play roles in condensin-mediated DNA-loop extrusion

Adsorption of rare earth ions onto the cell walls of wild-type and lipoteichoic acid-defective strains of Bacillus subtilis

The aim of this study is to investigate the potential of cell walls of wild-type and lipoteichoic acid-defective strains of Bacillus subtilis 168 to adsorb rare earth ions. Freeze-dried cell powders prepared from both strains were used for the evaluation of adsorption ability for the rare earth ions, namely, La(III), Eu(III), and Tm(III). The rare earth ions were efficiently adsorbed onto powders of both wild-type strain (WT powder) and lipoteichoic acid-defective strain (a dagger LTA powder) at pH 3. The maximum adsorption capacities for Tm(III) by WT and a dagger LTA powders were 43 and 37 mg g(-1), respectively. Removal (in percent) of Tm(III), La(III), and Eu(III) from aqueous solution by WT powder was greater than by a dagger LTA powder. These results indicate that rare earth ions are adsorbed to functional groups, such as phosphate and carboxyl groups, of lipoteichoic acid. We observed coagulated a dagger LTA powder in the removal of rare earth ions (1-20 mg L-1) from aqueous solution. In contrast, sedimentation of WT powder did not occur under the same conditions. This unique feature of a dagger LTA powder may be caused by the difference of the distribution between lipoteichoic acid and wall teichoic acid. It appears that a dagger LTA powder is useful for removal of rare earth ions by adsorption, because aggregation allows for rapid separation of the adsorbent by filtration.ArticleAPPLIED MICROBIOLOGY AND BIOTECHNOLOGY. 97(8):3721-3728 (2013)journal articl

Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-experts

The rise in phishing attacks via e-mail and short message service (SMS) has not slowed down at all. The first thing we need to do to combat the ever-increasing number of phishing attacks is to collect and characterize more phishing cases that reach end users. Without understanding these characteristics, anti-phishing countermeasures cannot evolve. In this study, we propose an approach using Twitter as a new observation point to immediately collect and characterize phishing cases via e-mail and SMS that evade countermeasures and reach users. Specifically, we propose CrowdCanary, a system capable of structurally and accurately extracting phishing information (e.g., URLs and domains) from tweets about phishing by users who have actually discovered or encountered it. In our three months of live operation, CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports. We confirmed that 31,960 (90.2%) of these phishing URLs were later detected by the anti-virus engine, demonstrating that CrowdCanary is superior to existing systems in both accuracy and volume of threat extraction. We also analyzed users who shared phishing threats by utilizing the extracted phishing URLs and categorized them into two distinct groups - namely, experts and non-experts. As a result, we found that CrowdCanary could collect information that is specifically included in non-expert reports, such as information shared only by the company brand name in the tweet, information about phishing attacks that we find only in the image of the tweet, and information about the landing page before the redirect

Endogenization and excision of human herpesvirus 6 in human genomes

Sequences homologous to human herpesvirus 6 (HHV-6) are integrated within the nuclear genome of about 1% of humans, but it is not clear how this came about. It is also uncertain whether integrated HHV-6 can reactive into an infectious virus. HHV-6 integrates into telomeres, and this has recently been associated with polymorphisms affecting MOV10L1. MOV10L1 is located on the subtelomere of chromosome 22q (chr22q) and is required to make PIWI-interacting RNAs (piRNAs). As piRNAs block germline integration of transposons, piRNA-mediated repression of HHV-6 integration has been proposed to explain this association.In vitro, recombination of the HHV-6 genome along its terminal direct repeats (DRs) leads to excision from the telomere and viral reactivation, but the expected "solo-DR scar" has not been describedin vivo. Here we screened for integrated HHV-6 in 7,485 Japanese subjects using whole-genome sequencing (WGS). Integrated HHV-6 was associated with polymorphisms on chr22q. However, in contrast to prior work, we find that the reported MOV10L1 polymorphism is physically linked to an ancient endogenous HHV-6A variant integrated into the telomere of chr22q in East Asians. Unexpectedly, an HHV-6B variant has also endogenized in chr22q; two endogenous HHV-6 variants at this locus thus account for 72% of all integrated HHV-6 in Japan. We also report human genomes carrying only one portion of the HHV-6B genome, a solo-DR, supporting in vivo excision and possible viral reactivation. Together these results explain the recently-reported association between integrated HHV-6 and MOV10L1/piRNAs, suggest potential exaptation of HHV-6 in its coevolution with human chr22q, and clarify the evolution and risk of reactivation of the only intact (non-retro)viral genome known to be present in human germlines

GABPα regulates Oct-3/4 expression in mouse embryonic stem cells

金沢大学大学院医学系研究科機能再生学Embryonic stem (ES) cells are pluripotent cells derived from the inner cell mass of blastocysts, and transcription factors Oct-3/4, Nanog, Sox2, and STAT3, are essential for their self-renewal. In this study, we searched for molecules downstream of STAT3 in ES cells. Using DNA chip analysis, we obtained GA-repeat binding protein (GABP) α. Expression of GABPα was restricted to undifferentiated ES cells and controlled by STAT3. We found that the expression level of Oct-3/4 is reduced by knockdown of GABPα. On the other hand, GABPα-overexpressing ES cells maintained the expression level of Oct-3/4 even in the absence of LIF. Moreover, the induction of Oct-3/4 repressors Cdx-2, Coup-tf1, and GCNF was stimulated by GABPα knockdown. These data suggest that GABPα upregulates the expression of Oct-3/4 via downregulation of Oct-3/4 repressors. © 2006 Elsevier Inc. All rights reserved

Identification of intracellular squalene in living algae, Aurantiochytrium mangrovei with hyper-spectral coherent anti-Stokes Raman microscopy using a sub-nanosecond supercontinuum laser source

We applied hyper-spectral coherent anti-Stokes Raman scattering imaging to intracellular lipid identification in living microalgae, Aurantiochytrium mangrovei 18W-13a. Two different lipids, squalene and triacylglycerol, were found inside living cells with clear vibrational contrast. Based on the endogenous lipid band as a result of the cis C[DOUBLE BOND]C stretch vibrational mode, squalene and triacylglycerol were clearly distinguished in different intracellular areas. In particular, squalene was detected solely in vacuoles as lipid particles, which was also supported by electron microscopy

Host selection of hematophagous leeches (Haemadipsa japonica): Implications for iDNA studies

The development of an efficient and cost‐effective method for monitoring animal populations or biodiversity is urgently needed, and invertebrate‐derived DNA (iDNA) may offer a promising tool for assessing the diversity and other ecological information of vertebrates. We studied the host species of a hematophagous leech (Haemadipsa japonica) in Yakushima by genetic barcoding and compared the results with those for mammal composition revealed by camera trapping. We analyzed 119 samples using two sets of primers by Sanger sequencing and one set of primer by next generation sequencing. The proportion of the samples that were successfully sequenced and identified to at least one species was 11.8–24.3%, depending on the three different methods. In all of these three methods, most of the samples were identified as sika deer (18/20, 6/15 and 16/29) or human (2/20, 7/15 and 21/29). The nonhuman mammal host species composition was significantly different from that estimated by camera trapping. Sika deer was the main host, which may be related with their high abundance, large body size and terrestriality. Ten samples included DNA derived from multiple species of vertebrates. This may be due to the contamination of human DNA, but we also found DNA from deer, Japanese macaque and a frog in the same samples, suggesting the mixture of the two meals in the gut of the leech. Using H. japonica‐derived iDNA would not be suitable to make an inventory of species, but it may be useful to collect genetic information on the targeted species, due to their high host selectivity

A Role for Strain Differences in Waveforms of Ultrasonic Vocalizations during Male–Female Interaction

Male mice emit ultrasonic vocalizations (USVs) towards females during male–female interaction. It has been reported that USVs of adult male mice have the capability of attracting females. Although the waveform pattern of USVs is affected by genetic background, differences among strains with respect to USV and the effects of these differences on courtship behavior have not been analyzed fully. We analyzed USV patterns, as well as actual social behavior during USV recording, in 13 inbred mouse strains, which included laboratory and wild-derived strains. Significant effects of strain were observed for the frequency of USV emission, duration, and frequency of the waveform category. Principal component (PC) analysis showed that PC1 was related to frequency and duration, and PC2–4 were related to each waveform. In the comparison of USV patterns and behaviors among strains, wild-derived KJR mice displayed the highest scores for PC2–4, and female mice paired with KJR males did not emit rejection-related click sounds. It is assumed that the waveforms emitted by KJR males have a positive effect in male–female interaction. Therefore, we extracted waveforms in PC2–4 from the USV recordings of KJR mice to produce a sound file, "HIGH2-4". As a negative control, another sound file ("LOW2-4") was created by extracting waveforms in PC2-4 from strains with low scores for these components. In the playback experiments using these sound files, female mice were attracted to the speaker that played HIGH2-4 but not the speaker that played LOW2-4. These results highlight the role of strain differences in the waveforms of male USVs during male–female interaction. The results indicated that female mice use male USVs as information when selecting a suitable mate