Semi-supervised Conditional GAN for Simultaneous Generation and Detection of Phishing URLs: A Game theoretic Perspective

Spear Phishing is a type of cyber-attack where the attacker sends hyperlinks through email on well-researched targets. The objective is to obtain sensitive information such as name, credentials, credit card numbers, or other crucial data by imitating oneself as a trustworthy website. According to a recent report, phishing incidents nearly doubled in frequency in 2020. In recent times, machine learning techniques have become the standard for defending against such attacks. Many augmentations have been made for improving the existing architectures, such as Convolutional Networks, Recurrent Networks, and Generative Adversarial Networks. However, these architectures were designed with only defense in mind. Moreover, the attacker's perspective and motivation are absent while creating such training and deployment pipelines. To address this, we need a game-theoretic approach to understand the rational decision-making process of the attacker (Hacker) and the defender (Phishing URL detector). We propose a Conditional Generative Adversarial Network for real-time phishing URL detection. Additionally, we train our architecture in a semi-supervised manner to distinguish between adversarial and real examples, along with detecting malicious and benign URLs. We also design two games between the attacker and defender in training and deployment settings by utilizing the game-theoretic perspective. Our experiments confirm that the proposed architecture surpasses recent state-of-the-art architectures for phishing URLs detection.