Deep learning offers a promising solution for phishing detection.
In a previous blog post, we discussed how we use our threat detection methods to identify websites and domains that can cause harm to users and their devices. We also described how our team of data scientists constantly analyzes a large amount of data traffic (around 1000 billion queries per month) using more than 20 different analysis algorithms, and how the results are further improved through human-based inspection.
Our constant research activities drive the technical excellence behind our threat intelligence algorithms, which we constantly develop and improve to adapt to the ever-changing threat landscape. In this blog post we would like to focus on one of our current projects, which is significantly improving our threat detection technology.
Improving threat detection methods
At cyan, we invest heavily in research projects in order to create in-house threat intelligence know-how that is built into our analysis algorithms. For more than seven years, we have been conducting threat research together with our research partner SBA (Secure Business Austria), and so far we have participated in more than 5 different research projects together.
One of our recent research projects together with SBA is called “Adaptive AI/ML for Dynamic Cybersecurity Systems” (DynAIsec) and is sponsored by FFG, the Austrian Research Promotion Agency. The research project focuses on developing automated, reliable and accurate methods for threat detection and content categorization using machine learning and artificial intelligence. The goal of the project is to significantly improve the use of deep (machine) learning models for solving different security problems, such as phishing detection.
Despite decades of development and improvement, traditional phishing detection techniques suffer from deficient accuracy and an inability to detect unknown attacks. Motivated to solve these problems, many researchers in the cybersecurity domain have shifted their attention to phishing detection based on deep learning techniques. More specifically, deep learning has emerged as a branch of machine learning that offers a promising solution for phishing detection and has improved phishing detection rates. However, two major obstacles still stand in the way of its wide application to various phishing problems:
- Developing a production-ready solution requires a significant amount of phishing and legitimate website samples, which are often not available.
- Small modifications to a known phishing website might not be detectable by a “deep detection model”, and the same is true for yet unknown phishing websites.
To overcome these obstacles, our research project explores novel techniques for synthetic data generation, which can be used when samples of phishing websites are insufficient. The project also explores techniques for uncovering new patterns in data that can detect clusters of yet unknown phishing websites.
The project is part of our mission to constantly deliver leading threat detection technology to our customers while staying ahead of the ever-evolving threat landscape.