Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models with Fredrik Heiding

Video Link: https://www.youtube.com/watch?v=nM8ZVyyr8xg



Category: Show
Duration: 34:31


Guest: Fredrik Heiding, Research Fellow at Harvard University [@Harvard]

On LinkedIn | https://www.linkedin.com/in/fheiding/
____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

Island.io | https://itspm.ag/island-io-6b5ffd

____________________________

Episode Notes

In this Chats on the Road to Black Hat USA episode, hosts Sean and Marco discuss the use of AI in hacking and cybersecurity with guest Fredrik Heiding, specifically large language models such as GPT-3 and GPT-4 (ChatGPT). They explore the concept of using AI to create realistic phishing emails that are difficult to detect, and how cybercriminals can exploit this technology to deceive individuals and organizations.

The episode also looks at the ease with which AI can generate content that appears real, making it a powerful tool in the hands of attackers. The trio discuss the potential dangers of AI-powered phishing emails and the need for more sophisticated spam filters that can accurately detect the intent of these emails, providing more granular information and recommended actions for users.

Throughout the episode, there is a recognition of AI as a tool that can be used for both good and bad purposes, emphasizing the importance of ethics and the ongoing race between cybercriminals and cybersecurity professionals. The conversation also touches on the positive applications of AI in detecting and preventing phishing attacks, showcasing the efforts of the "good guys" in the cybersecurity world. They discuss the potential for AI to help in blocking phishing emails and providing more granular information and recommended actions for users.

About the Session

AI programs, built using large language models, make it possible to automatically create realistic phishing emails based on a few data points about a user. They stand in contrast to "traditional" phishing emails that hackers design using a handful of general rules they have gleaned from experience. The V-Triad is an inductive model that replicates these rules. In this study, we compare users' suspicion towards emails created automatically by GPT-4 and created using the V-Triad. We also combine GPT-4 with the V-Triad to assess their combined potential. A fourth group, exposed to generic phishing emails created without a specific method, was our control group. We utilized a factorial approach, targeting 200 randomly selected participants recruited for the study. First, we measured the behavioral and cognitive reasons for falling for the phish. Next, the study trained GPT-4 to detect the phishing emails created in the study after having trained it on the extensive cybercrime dataset hosted by Cambridge. We hypothesize that the emails created by GPT-4 will yield a similar click-through rate as those created using V-Triad. We further believe that the combined approach (using the V-Triad to feed GPT-4) will significantly increase the success rate of GPT-4, while GPT-4 will be relatively skilled in detecting both our phishing emails and its own.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____________________________

Resources

Devising and Detecting Phishing: Large Language Models (GPT3, GPT4) vs. Smaller Human Models (V-Triad, Generic Emails): https://www.blackhat.com/us-23/briefings/schedule/#devising-and-detecting-phishing-large-language-models-gpt-gpt-vs-smaller-human-models-v-triad-generic-emails-31659

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here: 👉 https://itspm.ag/bhusa23tsp

Want to connect your brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here: 👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships







Tags: AI, hacking, cybersecurity, large language models, phishing emails, cybercriminals, ethical use, spam filters, granular information, recommended actions, positive applications, detecting, preventing, evolving landscape, power, dark side, battle of wits, deception, ethical considerations, ethics