Introduction: CACTER AI Lab will continue to explore and apply AI large models, update and iterate the detection capabilities of new malicious emails, maintain the steady improvement of anti-spam quality, and protect users’ email security.
With the rapid development of artificial intelligence, AI has reached into every area of life. Large AI models show great potential in email security, and their application to anti-phishing detection in particular is gradually showing its unique value.
On April 24, Liu Jiaxiong, senior product manager of CACTER AI Laboratory, shared CACTER AI Laboratory’s exploration of the application potential of AI large models in email anti-phishing detection at a live exchange meeting, mainly discussing their application in identifying phishing emails, improving email security detection performance, and possible directions for future development.
Phishing email analysis based on AI large model
CACTER AI Lab used the Tsinghua ChatGLM large model to conduct an experimental analysis of millions of emails and found three highlights of the AI large model in phishing email detection:
01. Coverage of common phishing email types
The large AI model has indeed shown a strong ability in identifying and capturing malicious emails, and can identify a variety of phishing emails including link types, social engineering types, image QR code types, and attachment document types. However, large AI models may cause misjudgments in actual operations.
02. Intent extraction and analysis capabilities
The large AI model demonstrates powerful intent extraction and analysis capabilities, which can help identify whether an email intends to induce users to perform certain actions, such as opening attachments or accessing links. This ability also helps determine whether an email has the characteristics of a phishing email.
03. Multi-language ability
During experiments, CACTER AI Lab found that even when the training samples contained no phishing samples in specific less common languages, the large AI model could still identify phishing emails in certain of those languages in the test set, showing its cross-language detection potential. With the help of large AI models, CACTER AI Lab can identify and capture phishing emails that attempt to use less common languages to bypass the detection engine.
APT attack detection and the potential of multi-modal large models
APT (Advanced Persistent Threat) attacks are usually highly concealed and targeted. The application of large AI models in APT attack detection shows new potential:
01. Combine large models and sandbox products
To reduce misjudgments by large AI models and improve detection accuracy, CACTER AI Laboratory proposed a complementary method: combine large language models with sandbox products, sending the attachments of emails from unknown senders with suspicious intentions to the sandbox for in-depth inspection. This addresses APT attacks and achieves a more comprehensive “1+1>2” security protection effect.
This strategy aims to achieve effects beyond those of a single system through the synergy of the two systems, thereby more effectively improving the ability to identify malicious emails, reducing misjudgments, and enhancing defense against APT attacks.
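The gating step described above, sketched as an added example (not CACTER's code). The stub intent model stands in for the large model's verdict; the threshold, the "review" outcome, and all addresses and messages are constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

THRESHOLD = 0.5  # assumed cut-off on the model's intent score

def stub_intent_model(text):
    """Hypothetical stand-in for the large model: intent score in [0, 1]."""
    cues = ("open the attached", "click the link", "verify your account")
    return 1.0 if any(c in text.lower() for c in cues) else 0.0

def triage(raw, known_senders, intent_model=stub_intent_model):
    """Route one raw message: ('sandbox' | 'review' | 'deliver', attachments)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = msg.get_body(preferencelist=("plain",))
    content = body.get_content() if body is not None else ""
    text = f"{msg.get('Subject', '')}\n{content}"
    attachments = [p.get_filename() or "unnamed" for p in msg.iter_attachments()]
    suspicious = intent_model(text) >= THRESHOLD
    if suspicious and sender not in known_senders and attachments:
        # The page's rule: unknown sender + suspicious intent -> sandbox the attachments.
        return "sandbox", attachments
    # 'review' for other suspicious mail is an assumption, not from the page.
    return ("review" if suspicious else "deliver"), []

def sample(sender, subject, body, attachment=None):
    """Build a constructed test message and return it as raw text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

KNOWN = {"colleague@example.com"}  # constructed allow-list of known senders

if __name__ == "__main__":
    raw = sample("Billing <billing@unknown.example>", "Overdue invoice",
                 "Please open the attached invoice today.", "invoice.docm")
    print(triage(raw, KNOWN))
```

Only mail that meets all three conditions reaches the sandbox, so the model's false positives on known senders or attachment-free mail do not consume sandbox capacity.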
02. Exploration of multi-modal large models
Compared with text-only large models, multi-modal large models can draw on richer data sources, such as text, images and audio, to support phishing detection. They can also process the various types of information together and perform cross-modal correlation analysis.
CACTER AI Lab will use multi-modal large models to detect known phishing emails. The large multi-modal model is not only based on text understanding capabilities, but can also simulate visual analysis and process multimedia content such as images and link landing pages. By analyzing the text content, images in the email, and the appearance of the web page pointed to by the link, the model can make a preliminary judgment and identify the true intention of the email.
Multi-modal large model analysis not only improves the recognition rate of phishing emails but also enhances the product's ability to adapt and iterate against new attack methods.
Adversarial training for attack and defense
The impact of AI on the field of email security is inevitably two-sided. By simulating the attacker's perspective, defenders can better improve their defensive strategies. Attackers can also use large models to iterate their attacks in multiple ways to try to bypass our defenses.
01. Attacker’s application
An attacker may apply large models at three levels:
·Primary application: Use historical attack samples to generate new attack emails in batches to reduce manual operations.
·Mid-level application: Discover the weaknesses of defense products and automatically update attack email templates.
·Advanced application: Use the learning capabilities of large models to gain an in-depth understanding of defense methods, generate attack emails that are more difficult to identify, and iteratively bypass detection engines.
02. Defensive application
As defenders, we can use large AI models for strategies such as adversarial training and feature mining.
·Adversarial training: Use large models for adversarial training to improve the performance of the anti-spam system.
·Feature mining: Analyze new attack samples through large models and quickly update detection logic to adapt to new attacks.
The application of large AI models in email anti-phishing detection is still in the exploratory stage, but its potential is encouraging. With the further development and optimization of technology, AI large models are expected to play a more important role in the field of email security and become an indispensable part of email security protection.
CACTER AI Lab will continue to explore and apply large AI models, update and iterate the detection capabilities of new malicious emails, maintain the steady improvement of anti-spam quality, and protect users’ email security.