38 research outputs found
Detecting Phishing Sites Using ChatGPT
The rise of large language models (LLMs) has had a significant impact on
various domains, including natural language processing and artificial
intelligence. While LLMs such as ChatGPT have been extensively researched for
tasks such as code generation and text synthesis, their application in
detecting malicious web content, particularly phishing sites, has been largely
unexplored. To combat the rising tide of automated cyber attacks facilitated by
LLMs, it is imperative to automate the detection of malicious web content,
which requires approaches that leverage the power of LLMs to analyze and
classify phishing sites. In this paper, we propose a novel method that utilizes
ChatGPT to detect phishing sites. Our approach involves leveraging a web
crawler to gather information from websites and generate prompts based on this
collected data. This approach enables us to detect various phishing sites
without the need for fine-tuning machine learning models and identify social
engineering techniques from the context of entire websites and URLs. To
evaluate the performance of our proposed method, we conducted experiments using
a dataset. The experimental results using GPT-4 demonstrated promising
performance, with a precision of 98.3% and a recall of 98.4%. Comparative
analysis between GPT-3.5 and GPT-4 revealed an enhancement in the latter's
capability to reduce false negatives. These findings not only highlight the
potential of LLMs in efficiently identifying phishing sites but also have
significant implications for enhancing cybersecurity measures and protecting
users from the dangers of online fraudulent activities
PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain Names
Domain squatting is a technique used by attackers to create domain names for
phishing sites. In recent phishing attempts, we have observed many domain names
that use multiple techniques to evade existing methods for domain squatting.
These domain names, which we call generated squatting domains (GSDs), are quite
different in appearance from legitimate domain names and do not contain brand
names, making them difficult to associate with phishing. In this paper, we
propose a system called PhishReplicant that detects GSDs by focusing on the
linguistic similarity of domain names. We analyzed newly registered and
observed domain names extracted from certificate transparency logs, passive
DNS, and DNS zone files. We detected 3,498 domain names acquired by attackers
in a four-week experiment, of which 2,821 were used for phishing sites within a
month of detection. We also confirmed that our proposed system outperformed
existing systems in both detection accuracy and number of domain names
detected. As an in-depth analysis, we examined 205k GSDs collected over 150
days and found that phishing using GSDs was distributed globally. However,
attackers intensively targeted brands in specific regions and industries. By
analyzing GSDs in real time, we can block phishing sites before or immediately
after they appear.Comment: Accepted at ACSAC 202
Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-experts
The rise in phishing attacks via e-mail and short message service (SMS) has
not slowed down at all. The first thing we need to do to combat the
ever-increasing number of phishing attacks is to collect and characterize more
phishing cases that reach end users. Without understanding these
characteristics, anti-phishing countermeasures cannot evolve. In this study, we
propose an approach using Twitter as a new observation point to immediately
collect and characterize phishing cases via e-mail and SMS that evade
countermeasures and reach users. Specifically, we propose CrowdCanary, a system
capable of structurally and accurately extracting phishing information (e.g.,
URLs and domains) from tweets about phishing by users who have actually
discovered or encountered it. In our three months of live operation,
CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports. We
confirmed that 31,960 (90.2%) of these phishing URLs were later detected by the
anti-virus engine, demonstrating that CrowdCanary is superior to existing
systems in both accuracy and volume of threat extraction. We also analyzed
users who shared phishing threats by utilizing the extracted phishing URLs and
categorized them into two distinct groups - namely, experts and non-experts. As
a result, we found that CrowdCanary could collect information that is
specifically included in non-expert reports, such as information shared only by
the company brand name in the tweet, information about phishing attacks that we
find only in the image of the tweet, and information about the landing page
before the redirect
Preoperative Butyrylcholinesterase Level as an Independent Predictor of Overall Survival in Clear Cell Renal Cell Carcinoma Patients Treated with Nephrectomy
The prognostic factors for the overall survival (OS) of clear cell renal cell carcinoma (ccRCC) patients treated with nephrectomy are not well defined. In the present study, we investigated the prognostic significance of preoperative butyrylcholinesterase (BChE) levels in 400 ccRCC patients undergoing radical or partial nephrectomy from 1992 to 2013 at our institution. Univariate and multivariate analyses were performed to determine the clinical factors associated with OS. Among the enrolled patients, 302 were diagnosed with organ-confined disease only (T1-2N0M0), 16 with lymph node metastases, and 56 with distant metastases. The median preoperative BChE level was 250 U/L (normal range, 168–470 U/L), and median follow-up period was 36 months. The 3-year OS rate in patients with preoperative BChE levels of ≥100 U/L was significantly higher than in those with levels of <100 U/L (89.3% versus 77.7%, P=0.004). On univariate analysis, performance status; anemia; hypoalbuminemia; preoperative levels of BChE, corrected calcium, and C-reactive protein; and distant metastasis status were significantly associated with OS. Multivariate analysis revealed that preoperative BChE levels and distant metastasis status were significantly associated with OS. Our findings suggest a possible role of preoperative BChE levels as an independent predictor of OS after nephrectomy in ccRCC patients
Structural analysis of three novel trisaccharides isolated from the fermented beverage of plant extracts
<p>Abstract</p> <p>Background</p> <p>A fermented beverage of plant extracts was prepared from about fifty kinds of vegetables and fruits. Natural fermentation was carried out mainly by lactic acid bacteria (<it>Leuconostoc </it>spp.) and yeast (<it>Zygosaccharomyces </it>spp. and <it>Pichia </it>spp.). We have previously examined the preparation of novel four trisaccharides from the beverage: <it>O</it>-β-D-fructopyranosyl-(2->6)-<it>O</it>-β-D-glucopyranosyl-(1->3)-D-glucopyranose, <it>O</it>-β-D-fructopyranosyl-(2->6)-<it>O</it>-[β-D-glucopyranosyl-(1->3)]-D-glucopyranose, <it>O</it>-β-D-glucopyranosyl-(1->1)-<it>O</it>-β-D-fructofuranosyl-(2<->1)-α-D-glucopyranoside and <it>O</it>-β-D-galactopyranosyl-(1->1)-<it>O</it>-β-D-fructofuranosyl-(2<->1)- α-D-glucopyranoside.</p> <p>Results</p> <p>Three further novel oligosaccharides have been found from this beverage and isolated from the beverage using carbon-Celite column chromatography and preparative high performance liquid chromatography. Structural confirmation of the saccharides was provided by methylation analysis, MALDI-TOF-MS and NMR measurements.</p> <p>Conclusion</p> <p>The following novel trisaccharides were identified: <it>O</it>-β-D-fructofuranosyl-(2->1)-<it>O</it>-[β-D-glucopyranosyl-(1->3)]-β-D-glucopyranoside (named "3<sup>G</sup>-β-D-glucopyranosyl β, β-isosucrose"), <it>O</it>-β-D-glucopyranosyl-(1->2)-<it>O</it>-[β-D-glucopyranosyl-(1->4)]-D-glucopyranose (4<sup>1</sup>-β-D-glucopyranosyl sophorose) and <it>O</it>-β-D-fructofuranosyl-(2->6)-<it>O</it>-β-D-glucopyranosyl-(1->3)-D-glucopyranose (6<sup>2</sup>-β-D-fructofuranosyl laminaribiose).</p
Isolation and structural confirmation of the oligosaccharides containing α-d-fructofuranoside linkages isolated from fermented beverage of plant extracts
Fermented beverage of plant extracts was prepared from the extracts of approximately 50 types of vegetables and fruits. Natural fermentation was carried out mainly by lactic acid bacteria (Leuconostoc spp.) and yeast (Zygosaccharomyces spp. and Pichia spp.). Two oligosaccharides containing an α-fructofuranoside linkage were detected in this beverage and isolated using carbon–Celite column chromatography and preparative HPLC. The structural confirmation of the saccharides was determined by methylation analysis, MALDI-TOF-MS, and NMR measurements. These saccharides were identified as α-d-fructofuranosyl-(2→6)-d-glucopyranose, which was isolated from a natural source for the first time, and a novel saccharide β-d-fructopyranosyl-(2→6)-α-d-fructofuranosyl-(2↔1)-α-d-glucopyranoside
NMR Analysis of Oligosaccharides Containing Fructopyranoside
This review focuses on the NMR methods for the oligosaccharides containing fructopyranoside that were previously isolated from the fermented beverage of an extract from 50 kinds of fruits and vegetables. The ^1H and ^C-NMR signals of each saccharide were assigned using 2D-NMR including COSY, HSQC, HSQC-TOCSY, CH_2-selected HSQC-TOCSY, and CT (constant time)-HMBC. The fructose in pyranosyl form showed different ^C chemical shifts from those of furanosyl form. Further confirmation of the pyranosyl form could be obtained from the HMBC correlation peak between C-2 and H-6 of fructose residue (Fru), whereas the C-2 of Fru in furanosyl form chould give the HMBC correlation peak between H-5 of Fru. Problems encountered were signal overlapping of protons and low peak separation. The key correlation peak between C-2 and H-6 of Fru was overlapped by the correlation peak indicating a glycosidic linkage between the C-2 of Fru and the H-6 of the glucose residue (Glc, or Glc’). These were solved using HSQC and CT-HMBC spectra rather than HMQC and conventional HMBC spectra, which have an inherent broad-line-shape in the carbon dimension