Detecting Phishing Sites Using ChatGPT

The rise of large language models (LLMs) has had a significant impact on various domains, including natural language processing and artificial intelligence. While LLMs such as ChatGPT have been extensively researched for tasks such as code generation and text synthesis, their application in detecting malicious web content, particularly phishing sites, has been largely unexplored. To combat the rising tide of automated cyber attacks facilitated by LLMs, it is imperative to automate the detection of malicious web content, which requires approaches that leverage the power of LLMs to analyze and classify phishing sites. In this paper, we propose a novel method that utilizes ChatGPT to detect phishing sites. Our approach involves leveraging a web crawler to gather information from websites and generate prompts based on this collected data. This approach enables us to detect various phishing sites without the need for fine-tuning machine learning models and identify social engineering techniques from the context of entire websites and URLs. To evaluate the performance of our proposed method, we conducted experiments using a dataset. The experimental results using GPT-4 demonstrated promising performance, with a precision of 98.3% and a recall of 98.4%. Comparative analysis between GPT-3.5 and GPT-4 revealed an enhancement in the latter's capability to reduce false negatives. These findings not only highlight the potential of LLMs in efficiently identifying phishing sites but also have significant implications for enhancing cybersecurity measures and protecting users from the dangers of online fraudulent activities

PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain Names

Domain squatting is a technique used by attackers to create domain names for phishing sites. In recent phishing attempts, we have observed many domain names that use multiple techniques to evade existing methods for domain squatting. These domain names, which we call generated squatting domains (GSDs), are quite different in appearance from legitimate domain names and do not contain brand names, making them difficult to associate with phishing. In this paper, we propose a system called PhishReplicant that detects GSDs by focusing on the linguistic similarity of domain names. We analyzed newly registered and observed domain names extracted from certificate transparency logs, passive DNS, and DNS zone files. We detected 3,498 domain names acquired by attackers in a four-week experiment, of which 2,821 were used for phishing sites within a month of detection. We also confirmed that our proposed system outperformed existing systems in both detection accuracy and number of domain names detected. As an in-depth analysis, we examined 205k GSDs collected over 150 days and found that phishing using GSDs was distributed globally. However, attackers intensively targeted brands in specific regions and industries. By analyzing GSDs in real time, we can block phishing sites before or immediately after they appear.Comment: Accepted at ACSAC 202

Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-experts

The rise in phishing attacks via e-mail and short message service (SMS) has not slowed down at all. The first thing we need to do to combat the ever-increasing number of phishing attacks is to collect and characterize more phishing cases that reach end users. Without understanding these characteristics, anti-phishing countermeasures cannot evolve. In this study, we propose an approach using Twitter as a new observation point to immediately collect and characterize phishing cases via e-mail and SMS that evade countermeasures and reach users. Specifically, we propose CrowdCanary, a system capable of structurally and accurately extracting phishing information (e.g., URLs and domains) from tweets about phishing by users who have actually discovered or encountered it. In our three months of live operation, CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports. We confirmed that 31,960 (90.2%) of these phishing URLs were later detected by the anti-virus engine, demonstrating that CrowdCanary is superior to existing systems in both accuracy and volume of threat extraction. We also analyzed users who shared phishing threats by utilizing the extracted phishing URLs and categorized them into two distinct groups - namely, experts and non-experts. As a result, we found that CrowdCanary could collect information that is specifically included in non-expert reports, such as information shared only by the company brand name in the tweet, information about phishing attacks that we find only in the image of the tweet, and information about the landing page before the redirect

Preoperative Butyrylcholinesterase Level as an Independent Predictor of Overall Survival in Clear Cell Renal Cell Carcinoma Patients Treated with Nephrectomy

The prognostic factors for the overall survival (OS) of clear cell renal cell carcinoma (ccRCC) patients treated with nephrectomy are not well defined. In the present study, we investigated the prognostic significance of preoperative butyrylcholinesterase (BChE) levels in 400 ccRCC patients undergoing radical or partial nephrectomy from 1992 to 2013 at our institution. Univariate and multivariate analyses were performed to determine the clinical factors associated with OS. Among the enrolled patients, 302 were diagnosed with organ-confined disease only (T1-2N0M0), 16 with lymph node metastases, and 56 with distant metastases. The median preoperative BChE level was 250 U/L (normal range, 168–470 U/L), and median follow-up period was 36 months. The 3-year OS rate in patients with preoperative BChE levels of ≥100 U/L was significantly higher than in those with levels of <100 U/L (89.3% versus 77.7%, P=0.004). On univariate analysis, performance status; anemia; hypoalbuminemia; preoperative levels of BChE, corrected calcium, and C-reactive protein; and distant metastasis status were significantly associated with OS. Multivariate analysis revealed that preoperative BChE levels and distant metastasis status were significantly associated with OS. Our findings suggest a possible role of preoperative BChE levels as an independent predictor of OS after nephrectomy in ccRCC patients

Structural analysis of three novel trisaccharides isolated from the fermented beverage of plant extracts

<p>Abstract</p> <p>Background</p> <p>A fermented beverage of plant extracts was prepared from about fifty kinds of vegetables and fruits. Natural fermentation was carried out mainly by lactic acid bacteria (<it>Leuconostoc </it>spp.) and yeast (<it>Zygosaccharomyces </it>spp. and <it>Pichia </it>spp.). We have previously examined the preparation of novel four trisaccharides from the beverage: <it>O</it>-β-D-fructopyranosyl-(2->6)-<it>O</it>-β-D-glucopyranosyl-(1->3)-D-glucopyranose, <it>O</it>-β-D-fructopyranosyl-(2->6)-<it>O</it>-[β-D-glucopyranosyl-(1->3)]-D-glucopyranose, <it>O</it>-β-D-glucopyranosyl-(1->1)-<it>O</it>-β-D-fructofuranosyl-(2<->1)-α-D-glucopyranoside and <it>O</it>-β-D-galactopyranosyl-(1->1)-<it>O</it>-β-D-fructofuranosyl-(2<->1)- α-D-glucopyranoside.</p> <p>Results</p> <p>Three further novel oligosaccharides have been found from this beverage and isolated from the beverage using carbon-Celite column chromatography and preparative high performance liquid chromatography. Structural confirmation of the saccharides was provided by methylation analysis, MALDI-TOF-MS and NMR measurements.</p> <p>Conclusion</p> <p>The following novel trisaccharides were identified: <it>O</it>-β-D-fructofuranosyl-(2->1)-<it>O</it>-[β-D-glucopyranosyl-(1->3)]-β-D-glucopyranoside (named "3^G-β-D-glucopyranosyl β, β-isosucrose"), <it>O</it>-β-D-glucopyranosyl-(1->2)-<it>O</it>-[β-D-glucopyranosyl-(1->4)]-D-glucopyranose (4¹-β-D-glucopyranosyl sophorose) and <it>O</it>-β-D-fructofuranosyl-(2->6)-<it>O</it>-β-D-glucopyranosyl-(1->3)-D-glucopyranose (6²-β-D-fructofuranosyl laminaribiose).</p

Isolation and structural confirmation of the oligosaccharides containing α-d-fructofuranoside linkages isolated from fermented beverage of plant extracts

Fermented beverage of plant extracts was prepared from the extracts of approximately 50 types of vegetables and fruits. Natural fermentation was carried out mainly by lactic acid bacteria (Leuconostoc spp.) and yeast (Zygosaccharomyces spp. and Pichia spp.). Two oligosaccharides containing an α-fructofuranoside linkage were detected in this beverage and isolated using carbon–Celite column chromatography and preparative HPLC. The structural confirmation of the saccharides was determined by methylation analysis, MALDI-TOF-MS, and NMR measurements. These saccharides were identified as α-d-fructofuranosyl-(2→6)-d-glucopyranose, which was isolated from a natural source for the first time, and a novel saccharide β-d-fructopyranosyl-(2→6)-α-d-fructofuranosyl-(2↔1)-α-d-glucopyranoside

NMR Analysis of Oligosaccharides Containing Fructopyranoside

This review focuses on the NMR methods for the oligosaccharides containing fructopyranoside that were previously isolated from the fermented beverage of an extract from 50 kinds of fruits and vegetables. The ^1H and ^C-NMR signals of each saccharide were assigned using 2D-NMR including COSY, HSQC, HSQC-TOCSY, CH_2-selected HSQC-TOCSY, and CT (constant time)-HMBC. The fructose in pyranosyl form showed different ^C chemical shifts from those of furanosyl form. Further confirmation of the pyranosyl form could be obtained from the HMBC correlation peak between C-2 and H-6 of fructose residue (Fru), whereas the C-2 of Fru in furanosyl form chould give the HMBC correlation peak between H-5 of Fru. Problems encountered were signal overlapping of protons and low peak separation. The key correlation peak between C-2 and H-6 of Fru was overlapped by the correlation peak indicating a glycosidic linkage between the C-2 of Fru and the H-6 of the glucose residue (Glc, or Glc’). These were solved using HSQC and CT-HMBC spectra rather than HMQC and conventional HMBC spectra, which have an inherent broad-line-shape in the carbon dimension