Spear Phishing is a type of cyber-attack where the attacker sends hyperlinks through email on well-researched targets. The objective is to obtain sensitive information such as name, credentials, credit card numbers, or other crucial data by imitating oneself as a trustworthy website. According to a recent report, phishing incidents nearly doubled in frequency in 2020. In recent times, machine learning techniques have become the standard for defending against such attacks. Many augmentations have been made for improving the existing architectures, such as Convolutional Networks, Recurrent Networks, and Generative Adversarial Networks. However, these architectures were designed with only defense in mind. Moreover, the attacker's perspective and motivation are absent while creating such training and deployment pipelines. To address this, we need a game-theoretic approach to understand the rational decision-making process of the attacker (Hacker) and the defender (Phishing URL detector). We propose a Conditional Generative Adversarial Network for real-time phishing URL detection. Additionally, we train our architecture in a semi-supervised manner to distinguish between adversarial and real examples, along with detecting malicious and benign URLs. We also design two games between the attacker and defender in training and deployment settings by utilizing the game-theoretic perspective. Our experiments confirm that the proposed architecture surpasses recent state-of-the-art architectures for phishing URLs detection.
翻译:Spear Phishing是一种网络攻击,攻击者通过电子邮件在经过仔细研究的目标上发送超文本链接。 目标是通过模仿自己成为一个值得信赖的网站来获取敏感信息, 如姓名、 证书、 信用卡号码或其他关键数据。 根据最近的一份报告, 2020年的网钓事件频率几乎翻了一番。 近些年来, 机器学习技术已成为防范此类袭击的标准。 许多增强功能都是为了改进现有结构, 如 Convolutional Networks、 经常网络 和 Genemental Adversarial Networks 。 然而, 这些结构的设计仅以防御为目的。 此外, 在创建这种培训和部署管道时,攻击者的观点和动机都不存在。 要解决这个问题,我们需要一种游戏理论方法来理解攻击者( Hacker) 和 防御者( Phishing URM 探测器) 的合理决策程序。 我们提议建立一个虚拟的Gental Generation Adversarial Network 网络, 用于实时网络检测。 此外, 我们用一个半超固的游戏的游戏和智能游戏模型来训练我们的架构结构, 来区分我们真实的游戏的游戏的游戏和防御和防御和防御和防御结构。