SlideShare une entreprise Scribd logo

DeepPhish: Simulating malicious AI

Télécharger en tant que PPTX, PDF
Alejandro Correa Bahnsen, PhD
Alejandro Correa Bahnsen, PhD

In this work we describe how threat actors may use AI algorithms to bypass AI phishing detection systems. We analyzed more than a million phishing URLs to understand the different strategies that threat actors use to create phishing URLs. Assuming the role of an attacker, we simulate how different threat actors may leverage Deep Neural Networks to enhance their effectiveness rate. Using Long Short-Term Memory Networks, we created DeepPhish, an algorithm that learns to create better phishing attacks. By training the DeepPhish algorithm for two different threat actors, they were able to increase their effectiveness from 0.69% to 20.9%, and 4.91% to 36.28%, respectively.

Données & analyses
1  sur  25
DeepPhish Simulating Malicious AI IvanTorroledo – Lead Data Scientist Alejandro Correa Bahnsen –VP, Research Luis Camacho – Lead Research Data Architect
CYXTERA TECHNOLOGIES 2  Portfolio of cybersecurity software and services  Intelligent and adaptive  Cloud-native and hybrid-ready  Global colocation leader  57 data centers in 29 global markets  2.6M sq. feet of data center space  195 megawatts of power  3,500 customers  1,100 employees  Headquartered in Miami with offices globally  Experienced leadership in infrastructure and security CyxteraTechnologies
CYXTERA TECHNOLOGIES 3 80 % of cyber crimes are being committed by sophisticated attackers The total USA market for cyber insurance is 3B in 2017
CYXTERA TECHNOLOGIES 4
CYXTERA TECHNOLOGIES 5
CYXTERA TECHNOLOGIES AI to Classify Phishing URLs 6  Identify & Classify Malicious URLs and Domains with Prediction - Not Blacklists.  The system calculates the probability of a URL being used to host a phishing attacks using Deep Neural Networks. It correctly classify URLs with over 98% of accuracy.
CYXTERA TECHNOLOGIES Long-Short Term Memory Networks 7 URL h t t p : / / w w w . p a p a y a . c o m One hot Encoding … … … … … … … … … … … … … … … … … … … … … Embedding 3.2 1.2 … 1.7 6.4 2.3 … 2.6 6.4 3.0 … 1.7 3.4 2.6 … 3.4 2.6 3.8 … 2.6 3.5 3.2 … 6.4 1.7 4.2 … 6.4 8.6 2.4 … 6.4 4.3 2.9 … 6.4 2.2 3.4 … 3.4 3.2 2.6 … 2.6 4.2 2.2 … 3.5 2.4 3.2 … 1.7 2.9 1.7 … 8.6 3.0 6.4 … 2.6 2.6 6.4 … 3.8 3.8 3.4 … 3.2 3.3 2.6 … 2.2 3.1 2.2 … 2.9 1.8 3.2 … 3.0 2.5 6.4 … 2.6 LSTM LSTM LSTM LSTM Sigmoid …
CYXTERA TECHNOLOGIES 8
CYXTERA TECHNOLOGIES 9
Asthreatactorsimprovetheirattacks,isAIthe newtechnologytheywilluse?
CYXTERA TECHNOLOGIES The Experiment Process Identify individual threat actors Ran them through our own AI detection system Improved their attacks using AI
CYXTERA TECHNOLOGIES Uncovering Threat Actors 12  Objective: We want to understand effective patterns of each attacker to improve them through a AI model  As we can not know them directly, we must learn from them through their attacks  Database with 1.1M confirm phishing URLs collected from Phishtank
CYXTERA TECHNOLOGIES Threat Actor 1 13 naylorantiques.com 406 URLs http://naylorantiques.com/components/com_contact/vi ews/contact/tmpl/62 http://naylorantiques.com/docs/Auto/Atendimento/5BB ROPI6S3 http://naylorantiques.com/Atualizacao Segura/pictures/XG61YYMT_FXW0PWR8_5P2O7T2U_P9H NDPQR/ http://naylorantiques.com/zifn3p72bsifn9hx9ldecd8jzl2f0 xlwf8f http://www.naylorantiques.com/JavaScript/charset=iso- 8859-1/http-equiv/margin-bottom Keywords atendimento, jsf, identificacao, ponents, views, TV, mail, SHOW, COMPLETO, VILLA, MIX, ufi, pnref, story, tryy2ilr, Autentico 106 domains naylorantiques.com, netshelldemos.com, debbiebright.co.z, waldronfamilygppractice.co.uk , avea-vacances.com , psncodes2013.com uni5.net , 67.228.96.204, classificadosmaster.com.br, ibjjf.org Visual Check Check in database Visual Check
CYXTERA TECHNOLOGIES Threat Actor 2 14 vopus.org 13 URLs http://www.vopus.org/es/images/cursos/thumbs/tdcanadatr ust http://www.vopus.org/ru/media/tdcanadatrust/index.html http://vopus.org/common/index.htm http://www.vopus.org/es/images/cursos/thumbs/tdcanadatr ust/index.html http://vopus.org/descargas/otros/tdcanadatrust/index.html Keyword tdcanadatrust/index.html 19 domains friooptimo.com, kramerelementary.org, kalblue.com, vopus.org, artwood.co.kr, stephenpizzuti.com, heatherthinks.com, corvusseo.com, natikor.by, optioglobal.com, backfire.se, fncl.ma, greenant.de, mersintenisakademisi.com, cavtel.net Visual Check Check in database Visual Check
CYXTERA TECHNOLOGIES Threat Actors Efficiency 15 0.24% 0.69% 4.91% All Attacks (1,146,441) Threat Actor 1 (1,009) Threat Actor 2 (102)
SimulatingMaliciousAI
CYXTERA TECHNOLOGIES DeepPhish Algorithm - Training 17 Non Effective URLs Effective URLs Encoding … … … … … Model Az Rolling Window Concatenate andcreate Transform Train http://www.naylorantiques.com/content/centrais/fone_facil http://kisanart.com/arendivento/menu-opcoes-fone-facil/ http://naylorantiques.com/atendimento/menu-opcoes-fone-facil/3 http://www.naylorantiques.com/content/centr ais/fone_facilhttp://kisanart.com/arendivento/ menu-opcoes-fone- facil/http://naylorantiques.com/atendimento/ menu-opcoes-fone-facil/3
CYXTERA TECHNOLOGIES DeepPhish LSTM Network 18 URL h t t p : / / w w w . p a p a y a . c o m One hot Encoding … … … … … … … … … … … … … … … … … … … … … LSTM LSTM LSTM LSTM Softmax … tanH tanH tanH tanH …
CYXTERA TECHNOLOGIES DeepPhish Algorithm – Prediction 19 Compromised Domains Allowed Paths + Model Filterpaths Predict Next Character Iteratively Synthetic URLs /arendipemto/nenu-opcines-fone-facil vfone/faci/Atondime+ http:// + www.naylorantiques.com + /arendipemto/nenu-opcines-fone-facilvone/facil/Atondime Create
CYXTERA TECHNOLOGIES Simulating Malicious AI using DeepPhish 20  We selected the two most effective threat actors.With each subsample of effective URLs by threat actor, we implemented DeepPhish algorithm.
CYXTERA TECHNOLOGIES TraditionalAttacksvs.AI-DrivenAttacks 21 0.69% 20.90% Traditional DeepPhish 4.91% 36.28% Traditional DeepPhish Threat Actor 1 Threat Actor 2
CYXTERA TECHNOLOGIES Takeaways! 22 AIenhancesattackersefficiencies ML and AI driven detection systems Deep Adversarial Learning Relentless monitoring Multi-layered approach to anti- fraud
CYXTERA TECHNOLOGIES 23 The Power of Adversary AI  More & Better Phishing Attacks Increasingly Powerful Self-Spreading Malware Weaken Authentication Controls Cheat Rule-based Transaction Monitoring
CYXTERA TECHNOLOGIES 24  1-Minute ResearchVideo Brief  2 Page Research Summary  Slides (Extended Version)  Academic paper AIvs.AI:CanPredictiveModelsStoptheTideofHackerAI? www.easysol.net/ai-project
www.cyxtera.com IvanTorroledo – ivan.torroledo@cyxtera.com Alejandro Correa Bahnsen – alejandro.correa@cyxtera.com Luis Camacho – luis.camacho@cyxtera.com

Recommandé

black hat deephish
black hat deephishblack hat deephish
black hat deephishAlejandro Correa Bahnsen, PhD
 
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?Alejandro Correa Bahnsen, PhD
 
Classifying Phishing URLs Using Recurrent Neural Networks
Classifying Phishing URLs Using Recurrent Neural NetworksClassifying Phishing URLs Using Recurrent Neural Networks
Classifying Phishing URLs Using Recurrent Neural NetworksAlejandro Correa Bahnsen, PhD
 
The Case of the Mistaken Malware
The Case of the Mistaken MalwareThe Case of the Mistaken Malware
The Case of the Mistaken MalwareSecurityMetrics
 
Intelligent Application Security
Intelligent Application SecurityIntelligent Application Security
Intelligent Application SecurityPriyanka Aash
 
Attack chaining for web exploitation
Attack chaining for web exploitationAttack chaining for web exploitation
Attack chaining for web exploitationn|u - The Open Security Community
 
InfoSec Monthly News Recap: April 2017
InfoSec Monthly News Recap: April 2017InfoSec Monthly News Recap: April 2017
InfoSec Monthly News Recap: April 2017Ettore Fantin
 
The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsSecurityMetrics
 

Recommandé

black hat deephish
black hat deephishblack hat deephish
black hat deephishAlejandro Correa Bahnsen, PhD
 
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?Alejandro Correa Bahnsen, PhD
 
Classifying Phishing URLs Using Recurrent Neural Networks
Classifying Phishing URLs Using Recurrent Neural NetworksClassifying Phishing URLs Using Recurrent Neural Networks
Classifying Phishing URLs Using Recurrent Neural NetworksAlejandro Correa Bahnsen, PhD
 
The Case of the Mistaken Malware
The Case of the Mistaken MalwareThe Case of the Mistaken Malware
The Case of the Mistaken MalwareSecurityMetrics
 
Intelligent Application Security
Intelligent Application SecurityIntelligent Application Security
Intelligent Application SecurityPriyanka Aash
 
Attack chaining for web exploitation
Attack chaining for web exploitationAttack chaining for web exploitation
Attack chaining for web exploitationn|u - The Open Security Community
 
InfoSec Monthly News Recap: April 2017
InfoSec Monthly News Recap: April 2017InfoSec Monthly News Recap: April 2017
InfoSec Monthly News Recap: April 2017Ettore Fantin
 
The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsSecurityMetrics
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingVishesh Singhal
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMITRE - ATT&CKcon
 
Cyber Attacks on Financial _ Vikjava
Cyber Attacks on Financial _ VikjavaCyber Attacks on Financial _ Vikjava
Cyber Attacks on Financial _ VikjavaSecurity Bootcamp
 
2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence PackageMike Maziarka
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextPriyanka Aash
 
Ethical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportEthical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportRaghav Bisht
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
Fle f04 mishra-v0.9
Fle f04 mishra-v0.9Fle f04 mishra-v0.9
Fle f04 mishra-v0.9Minatee Mishra
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020MITRE - ATT&CKcon
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingBharat Sabne
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 
Introduction and a Look at Security Trends
Introduction and a Look at Security TrendsIntroduction and a Look at Security Trends
Introduction and a Look at Security TrendsPriyanka Aash
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Ethical hacking for information security
Ethical hacking for information securityEthical hacking for information security
Ethical hacking for information securityJayanth Vinay
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingMukul Agarwal
 
Insider theft detection
Insider theft detection Insider theft detection
Insider theft detection SumanthKommineni
 
Disrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationDisrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationIntel IT Center
 
NormShield Cyber Threat & Vulnerability Orchestration Overview
NormShield Cyber Threat & Vulnerability Orchestration OverviewNormShield Cyber Threat & Vulnerability Orchestration Overview
NormShield Cyber Threat & Vulnerability Orchestration OverviewNormShield, Inc.
 
3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!NormShield, Inc.
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defenseDATA SECURITY SOLUTIONS
 
61370436 main-case-study
61370436 main-case-study61370436 main-case-study
61370436 main-case-studyhomeworkping4
 

Contenu connexe

Tendances

Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMITRE - ATT&CKcon
 
Cyber Attacks on Financial _ Vikjava
Cyber Attacks on Financial _ VikjavaCyber Attacks on Financial _ Vikjava
Cyber Attacks on Financial _ VikjavaSecurity Bootcamp
 
2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence PackageMike Maziarka
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextPriyanka Aash
 
Ethical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportEthical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportRaghav Bisht
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020MITRE - ATT&CKcon
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 
Introduction and a Look at Security Trends
Introduction and a Look at Security TrendsIntroduction and a Look at Security Trends
Introduction and a Look at Security TrendsPriyanka Aash
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Ethical hacking for information security
Ethical hacking for information securityEthical hacking for information security
Ethical hacking for information securityJayanth Vinay
 
Disrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationDisrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationIntel IT Center
 
NormShield Cyber Threat & Vulnerability Orchestration Overview
NormShield Cyber Threat & Vulnerability Orchestration OverviewNormShield Cyber Threat & Vulnerability Orchestration Overview
NormShield Cyber Threat & Vulnerability Orchestration OverviewNormShield, Inc.
 
3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!NormShield, Inc.
 

Tendances (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
 
Cyber Attacks on Financial _ Vikjava
Cyber Attacks on Financial _ VikjavaCyber Attacks on Financial _ Vikjava
Cyber Attacks on Financial _ Vikjava
 
2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
 
Ethical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportEthical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training Report
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Fle f04 mishra-v0.9
Fle f04 mishra-v0.9Fle f04 mishra-v0.9
Fle f04 mishra-v0.9
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
 
Introduction and a Look at Security Trends
Introduction and a Look at Security TrendsIntroduction and a Look at Security Trends
Introduction and a Look at Security Trends
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Ethical hacking for information security
Ethical hacking for information securityEthical hacking for information security
Ethical hacking for information security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Insider theft detection
Insider theft detection Insider theft detection
Insider theft detection
 
Disrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationDisrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User Authentication
 
NormShield Cyber Threat & Vulnerability Orchestration Overview
NormShield Cyber Threat & Vulnerability Orchestration OverviewNormShield Cyber Threat & Vulnerability Orchestration Overview
NormShield Cyber Threat & Vulnerability Orchestration Overview
 
3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!
 

Similaire à DeepPhish: Simulating malicious AI

61370436 main-case-study
61370436 main-case-study61370436 main-case-study
61370436 main-case-studyhomeworkping4
 
IRJET- Ethical Hacking
IRJET- Ethical HackingIRJET- Ethical Hacking
IRJET- Ethical HackingIRJET Journal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAnumadil1
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxDomain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxInfosectrain3
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in CybersecurityTeri Radichel
 
A REVIEW PAPER ON ETHICAL HACKING
A REVIEW PAPER ON ETHICAL HACKINGA REVIEW PAPER ON ETHICAL HACKING
A REVIEW PAPER ON ETHICAL HACKINGNathan Mathis
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)Shivam Sahu
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...MohamedOmerMusa
 
Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017Blueliv
 
Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017Blueliv
 
Ethical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu UbaidhullahEthical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu Ubaidhullahpongada123
 
MetaCert Security Sales Deck
MetaCert Security Sales DeckMetaCert Security Sales Deck
MetaCert Security Sales DeckPaul Walsh
 
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxDomain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxInfosectrain3
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
 

Similaire à DeepPhish: Simulating malicious AI (20)

The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defense
 
61370436 main-case-study
61370436 main-case-study61370436 main-case-study
61370436 main-case-study
 
IRJET- Ethical Hacking
IRJET- Ethical HackingIRJET- Ethical Hacking
IRJET- Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxDomain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in Cybersecurity
 
cybersecurity-careers.pdf
cybersecurity-careers.pdfcybersecurity-careers.pdf
cybersecurity-careers.pdf
 
A REVIEW PAPER ON ETHICAL HACKING
A REVIEW PAPER ON ETHICAL HACKINGA REVIEW PAPER ON ETHICAL HACKING
A REVIEW PAPER ON ETHICAL HACKING
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
 
Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017
 
Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017
 
Ethical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu UbaidhullahEthical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu Ubaidhullah
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
MetaCert Security Sales Deck
MetaCert Security Sales DeckMetaCert Security Sales Deck
MetaCert Security Sales Deck
 
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxDomain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
 

Plus de Alejandro Correa Bahnsen, PhD

How I Learned to Stop Worrying and Love Building Data Products
How I Learned to Stop Worrying and Love Building Data ProductsHow I Learned to Stop Worrying and Love Building Data Products
How I Learned to Stop Worrying and Love Building Data ProductsAlejandro Correa Bahnsen, PhD
 
Fraud Detection by Stacking Cost-Sensitive Decision Trees
Fraud Detection by Stacking Cost-Sensitive Decision TreesFraud Detection by Stacking Cost-Sensitive Decision Trees
Fraud Detection by Stacking Cost-Sensitive Decision TreesAlejandro Correa Bahnsen, PhD
 
Maximizing a churn campaigns profitability with cost sensitive machine learning
Maximizing a churn campaigns profitability with cost sensitive machine learningMaximizing a churn campaigns profitability with cost sensitive machine learning
Maximizing a churn campaigns profitability with cost sensitive machine learningAlejandro Correa Bahnsen, PhD
 
Fraud Detection with Cost-Sensitive Predictive Analytics
Fraud Detection with Cost-Sensitive Predictive AnalyticsFraud Detection with Cost-Sensitive Predictive Analytics
Fraud Detection with Cost-Sensitive Predictive AnalyticsAlejandro Correa Bahnsen, PhD
 
PhD Defense - Example-Dependent Cost-Sensitive Classification
PhD Defense - Example-Dependent Cost-Sensitive ClassificationPhD Defense - Example-Dependent Cost-Sensitive Classification
PhD Defense - Example-Dependent Cost-Sensitive ClassificationAlejandro Correa Bahnsen, PhD
 
Ensembles of example dependent cost-sensitive decision trees slides
Ensembles of example dependent cost-sensitive decision trees slidesEnsembles of example dependent cost-sensitive decision trees slides
Ensembles of example dependent cost-sensitive decision trees slidesAlejandro Correa Bahnsen, PhD
 
Fraud analytics detección y prevención de fraudes en la era del big data sl...
Fraud analytics detección y prevención de fraudes en la era del big data sl...Fraud analytics detección y prevención de fraudes en la era del big data sl...
Fraud analytics detección y prevención de fraudes en la era del big data sl...Alejandro Correa Bahnsen, PhD
 
Maximizing a churn campaign’s profitability with cost sensitive predictive an...
Maximizing a churn campaign’s profitability with cost sensitive predictive an...Maximizing a churn campaign’s profitability with cost sensitive predictive an...
Maximizing a churn campaign’s profitability with cost sensitive predictive an...Alejandro Correa Bahnsen, PhD
 
Example-Dependent Cost-Sensitive Credit Card Fraud Detection
Example-Dependent Cost-Sensitive Credit Card Fraud DetectionExample-Dependent Cost-Sensitive Credit Card Fraud Detection
Example-Dependent Cost-Sensitive Credit Card Fraud DetectionAlejandro Correa Bahnsen, PhD
 
2013 credit card fraud detection why theory dosent adjust to practice
2013 credit card fraud detection why theory dosent adjust to practice2013 credit card fraud detection why theory dosent adjust to practice
2013 credit card fraud detection why theory dosent adjust to practiceAlejandro Correa Bahnsen, PhD
 

Plus de Alejandro Correa Bahnsen, PhD (16)

How I Learned to Stop Worrying and Love Building Data Products
How I Learned to Stop Worrying and Love Building Data ProductsHow I Learned to Stop Worrying and Love Building Data Products
How I Learned to Stop Worrying and Love Building Data Products
 
Fraud Detection by Stacking Cost-Sensitive Decision Trees
Fraud Detection by Stacking Cost-Sensitive Decision TreesFraud Detection by Stacking Cost-Sensitive Decision Trees
Fraud Detection by Stacking Cost-Sensitive Decision Trees
 
Maximizing a churn campaigns profitability with cost sensitive machine learning
Maximizing a churn campaigns profitability with cost sensitive machine learningMaximizing a churn campaigns profitability with cost sensitive machine learning
Maximizing a churn campaigns profitability with cost sensitive machine learning
 
Demystifying machine learning using lime
Demystifying machine learning using limeDemystifying machine learning using lime
Demystifying machine learning using lime
 
1609 Fraud Data Science
1609 Fraud Data Science1609 Fraud Data Science
1609 Fraud Data Science
 
Modern Data Science
Modern Data ScienceModern Data Science
Modern Data Science
 
Fraud Detection with Cost-Sensitive Predictive Analytics
Fraud Detection with Cost-Sensitive Predictive AnalyticsFraud Detection with Cost-Sensitive Predictive Analytics
Fraud Detection with Cost-Sensitive Predictive Analytics
 
PhD Defense - Example-Dependent Cost-Sensitive Classification
PhD Defense - Example-Dependent Cost-Sensitive ClassificationPhD Defense - Example-Dependent Cost-Sensitive Classification
PhD Defense - Example-Dependent Cost-Sensitive Classification
 
Ensembles of example dependent cost-sensitive decision trees slides
Ensembles of example dependent cost-sensitive decision trees slidesEnsembles of example dependent cost-sensitive decision trees slides
Ensembles of example dependent cost-sensitive decision trees slides
 
Fraud analytics detección y prevención de fraudes en la era del big data sl...
Fraud analytics detección y prevención de fraudes en la era del big data sl...Fraud analytics detección y prevención de fraudes en la era del big data sl...
Fraud analytics detección y prevención de fraudes en la era del big data sl...
 
Analytics - compitiendo en la era de la informacion
Analytics - compitiendo en la era de la informacionAnalytics - compitiendo en la era de la informacion
Analytics - compitiendo en la era de la informacion
 
Maximizing a churn campaign’s profitability with cost sensitive predictive an...
Maximizing a churn campaign’s profitability with cost sensitive predictive an...Maximizing a churn campaign’s profitability with cost sensitive predictive an...
Maximizing a churn campaign’s profitability with cost sensitive predictive an...
 
Example-Dependent Cost-Sensitive Credit Card Fraud Detection
Example-Dependent Cost-Sensitive Credit Card Fraud DetectionExample-Dependent Cost-Sensitive Credit Card Fraud Detection
Example-Dependent Cost-Sensitive Credit Card Fraud Detection
 
2012 predictive clusters
2012 predictive clusters2012 predictive clusters
2012 predictive clusters
 
2013 credit card fraud detection why theory dosent adjust to practice
2013 credit card fraud detection why theory dosent adjust to practice2013 credit card fraud detection why theory dosent adjust to practice
2013 credit card fraud detection why theory dosent adjust to practice
 
2011 advanced analytics through the credit cycle
2011 advanced analytics through the credit cycle2011 advanced analytics through the credit cycle
2011 advanced analytics through the credit cycle
 

Dernier

Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxfirstjob4
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingNeil Barnes
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...Suhani Kapoor
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptxAnupama Kate
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxolyaivanovalion
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysismanisha194592
 
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfRachmat Ramadhan H
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 
Industrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfIndustrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfLars Albertsson
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxMohammedJunaid861692
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Delhi Call girls
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxolyaivanovalion
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfLars Albertsson
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxolyaivanovalion
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023ymrp368
 
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service AmravatiVIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service AmravatiSuhani Kapoor
 

Dernier (20)

Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptx
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data Storytelling
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptx
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysis
 
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
Industrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfIndustrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdf
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptx
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023
 
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service AmravatiVIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
 

DeepPhish: Simulating malicious AI

  • 1. DeepPhish Simulating Malicious AI IvanTorroledo – Lead Data Scientist Alejandro Correa Bahnsen –VP, Research Luis Camacho – Lead Research Data Architect
  • 2. CYXTERA TECHNOLOGIES 2  Portfolio of cybersecurity software and services  Intelligent and adaptive  Cloud-native and hybrid-ready  Global colocation leader  57 data centers in 29 global markets  2.6M sq. feet of data center space  195 megawatts of power  3,500 customers  1,100 employees  Headquartered in Miami with offices globally  Experienced leadership in infrastructure and security CyxteraTechnologies
  • 3. CYXTERA TECHNOLOGIES 3 80 % of cyber crimes are being committed by sophisticated attackers The total USA market for cyber insurance is 3B in 2017
  • 6. CYXTERA TECHNOLOGIES AI to Classify Phishing URLs 6  Identify & Classify Malicious URLs and Domains with Prediction - Not Blacklists.  The system calculates the probability of a URL being used to host a phishing attacks using Deep Neural Networks. It correctly classify URLs with over 98% of accuracy.
  • 7. CYXTERA TECHNOLOGIES Long-Short Term Memory Networks 7 URL h t t p : / / w w w . p a p a y a . c o m One hot Encoding … … … … … … … … … … … … … … … … … … … … … Embedding 3.2 1.2 … 1.7 6.4 2.3 … 2.6 6.4 3.0 … 1.7 3.4 2.6 … 3.4 2.6 3.8 … 2.6 3.5 3.2 … 6.4 1.7 4.2 … 6.4 8.6 2.4 … 6.4 4.3 2.9 … 6.4 2.2 3.4 … 3.4 3.2 2.6 … 2.6 4.2 2.2 … 3.5 2.4 3.2 … 1.7 2.9 1.7 … 8.6 3.0 6.4 … 2.6 2.6 6.4 … 3.8 3.8 3.4 … 3.2 3.3 2.6 … 2.2 3.1 2.2 … 2.9 1.8 3.2 … 3.0 2.5 6.4 … 2.6 LSTM LSTM LSTM LSTM Sigmoid …
  • 11. CYXTERA TECHNOLOGIES The Experiment Process Identify individual threat actors Ran them through our own AI detection system Improved their attacks using AI
  • 12. CYXTERA TECHNOLOGIES Uncovering Threat Actors 12  Objective: We want to understand effective patterns of each attacker to improve them through a AI model  As we can not know them directly, we must learn from them through their attacks  Database with 1.1M confirm phishing URLs collected from Phishtank
  • 13. CYXTERA TECHNOLOGIES Threat Actor 1 13 naylorantiques.com 406 URLs http://naylorantiques.com/components/com_contact/vi ews/contact/tmpl/62 http://naylorantiques.com/docs/Auto/Atendimento/5BB ROPI6S3 http://naylorantiques.com/Atualizacao Segura/pictures/XG61YYMT_FXW0PWR8_5P2O7T2U_P9H NDPQR/ http://naylorantiques.com/zifn3p72bsifn9hx9ldecd8jzl2f0 xlwf8f http://www.naylorantiques.com/JavaScript/charset=iso- 8859-1/http-equiv/margin-bottom Keywords atendimento, jsf, identificacao, ponents, views, TV, mail, SHOW, COMPLETO, VILLA, MIX, ufi, pnref, story, tryy2ilr, Autentico 106 domains naylorantiques.com, netshelldemos.com, debbiebright.co.z, waldronfamilygppractice.co.uk , avea-vacances.com , psncodes2013.com uni5.net , 67.228.96.204, classificadosmaster.com.br, ibjjf.org Visual Check Check in database Visual Check
  • 14. CYXTERA TECHNOLOGIES Threat Actor 2 14 vopus.org 13 URLs http://www.vopus.org/es/images/cursos/thumbs/tdcanadatr ust http://www.vopus.org/ru/media/tdcanadatrust/index.html http://vopus.org/common/index.htm http://www.vopus.org/es/images/cursos/thumbs/tdcanadatr ust/index.html http://vopus.org/descargas/otros/tdcanadatrust/index.html Keyword tdcanadatrust/index.html 19 domains friooptimo.com, kramerelementary.org, kalblue.com, vopus.org, artwood.co.kr, stephenpizzuti.com, heatherthinks.com, corvusseo.com, natikor.by, optioglobal.com, backfire.se, fncl.ma, greenant.de, mersintenisakademisi.com, cavtel.net Visual Check Check in database Visual Check
  • 15. CYXTERA TECHNOLOGIES Threat Actors Efficiency 15 0.24% 0.69% 4.91% All Attacks (1,146,441) Threat Actor 1 (1,009) Threat Actor 2 (102)
  • 17. CYXTERA TECHNOLOGIES DeepPhish Algorithm - Training 17 Non Effective URLs Effective URLs Encoding … … … … … Model Az Rolling Window Concatenate andcreate Transform Train http://www.naylorantiques.com/content/centrais/fone_facil http://kisanart.com/arendivento/menu-opcoes-fone-facil/ http://naylorantiques.com/atendimento/menu-opcoes-fone-facil/3 http://www.naylorantiques.com/content/centr ais/fone_facilhttp://kisanart.com/arendivento/ menu-opcoes-fone- facil/http://naylorantiques.com/atendimento/ menu-opcoes-fone-facil/3
  • 18. CYXTERA TECHNOLOGIES DeepPhish LSTM Network 18 URL h t t p : / / w w w . p a p a y a . c o m One hot Encoding … … … … … … … … … … … … … … … … … … … … … LSTM LSTM LSTM LSTM Softmax … tanH tanH tanH tanH …
  • 19. CYXTERA TECHNOLOGIES DeepPhish Algorithm – Prediction 19 Compromised Domains Allowed Paths + Model Filterpaths Predict Next Character Iteratively Synthetic URLs /arendipemto/nenu-opcines-fone-facil vfone/faci/Atondime+ http:// + www.naylorantiques.com + /arendipemto/nenu-opcines-fone-facilvone/facil/Atondime Create
  • 20. CYXTERA TECHNOLOGIES Simulating Malicious AI using DeepPhish 20  We selected the two most effective threat actors.With each subsample of effective URLs by threat actor, we implemented DeepPhish algorithm.
  • 22. CYXTERA TECHNOLOGIES Takeaways! 22 AIenhancesattackersefficiencies ML and AI driven detection systems Deep Adversarial Learning Relentless monitoring Multi-layered approach to anti- fraud
  • 23. CYXTERA TECHNOLOGIES 23 The Power of Adversary AI  More & Better Phishing Attacks Increasingly Powerful Self-Spreading Malware Weaken Authentication Controls Cheat Rule-based Transaction Monitoring
  • 24. CYXTERA TECHNOLOGIES 24  1-Minute ResearchVideo Brief  2 Page Research Summary  Slides (Extended Version)  Academic paper AIvs.AI:CanPredictiveModelsStoptheTideofHackerAI? www.easysol.net/ai-project
  • 25. www.cyxtera.com IvanTorroledo – ivan.torroledo@cyxtera.com Alejandro Correa Bahnsen – alejandro.correa@cyxtera.com Luis Camacho – luis.camacho@cyxtera.com

Notes de l'éditeur

  1. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  2. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  3. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  4. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  5. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  6. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  7. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  8. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  9. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  10. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  11. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
  12. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.