Phish 'n Chips
Phishing is an attack in which a victim receives a malicious email that appears legitimate. The email contains links or attachments, which may carry malware, intended to harm the victim by collecting private information or destroying data.
Phishing attacks are still a major source of threats, as they result in yearly losses of £314 million for large enterprises. Individuals are affected as well, as these attacks compromise personal data and allow attackers to steal passwords and usernames.
We were therefore inspired to develop an application which can provide a solution for this problem.
What it does
Our application is an entire toolkit against phishing and has several different features. We explain these below:
The application has a general information page, explaining what phishing is and what someone can do to prevent falling victim to these attacks.
In the 'quiz' section, users are presented with emails and are asked to judge whether or not each one is a phishing email. The app keeps track of the answers and presents the results in the 'statistics' section.
The 'statistics' section shows the number of right and wrong answers given in the 'quiz' section. Users can then track whether they are improving at detecting phishing emails.
Phishing mail scanner
This feature allows a user to take a photo of an email and immediately receive feedback on whether or not it is a phishing email.
Phishing mail upload
If a user receives a suspicious email or SMS on their phone, they can take a screenshot of the message and upload it. As with the scanner, the app reports whether or not it is a phishing message.
For the app to keep track of individual statistics and records, there is a login function.
Tip of the day
Lastly, upon logging in, the user is presented with a tip of the day to prevent phishing. For example: 'When suddenly asked to make a payment for your employer/boss, verbally confirm with him/her.'
How we built it
The front end makes use of Ionic and Angular. When the user takes a photo of an email, a base64-encoded version of it is sent to the backend. This backend, built with Django and Python, uses Optical Character Recognition (OCR) to extract the text from the photo.
Next, the words from the email are converted to high-dimensional vectors (so that the computer can read them). These vectors are fed into a neural classifier, which makes use of one-dimensional convolutions and recurrent memory units to remember temporal patterns. The classifier predicts whether the email is phishing or not. The model was tested on 1,115 emails and is 98% accurate. The output of the classifier is sent back to the user.
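The base64 photo described above is untrusted input to the backend, so it is worth checking before it reaches the OCR step. The following is an added example, not code from the Phish 'n Chips project: the function name, the exception class, the 5 MiB limit and the PNG/JPEG restriction are all assumptions made for illustration.

```python
import base64
import binascii

MAX_IMAGE_BYTES = 5 * 1024 * 1024  # assumed upload limit, not from the project

# Magic bytes of the formats a phone camera or screenshot usually produces.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}


class UploadRejected(ValueError):
    """Raised when the payload must not be passed on to the OCR step."""


def decode_email_photo(payload):
    """Return (image_type, raw_bytes) for a base64 photo, or raise UploadRejected."""
    if not isinstance(payload, str):
        raise UploadRejected("payload must be a string")
    # Camera plugins often send a data URL; drop the "data:image/...;base64," part.
    if payload.startswith("data:"):
        header, sep, payload = payload.partition(",")
        if not sep or not header.endswith(";base64"):
            raise UploadRejected("malformed data URL")
    # Reject oversized input before decoding: 4 base64 characters encode 3 bytes.
    if len(payload) > (MAX_IMAGE_BYTES // 3 + 1) * 4:
        raise UploadRejected("image too large")
    try:
        # validate=True refuses characters outside the base64 alphabet
        # instead of silently skipping them.
        raw = base64.b64decode(payload, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise UploadRejected("not valid base64") from exc
    if len(raw) > MAX_IMAGE_BYTES:
        raise UploadRejected("image too large")
    # Decide the type from the decoded bytes, not the client-declared MIME type.
    for magic, kind in MAGIC.items():
        if raw.startswith(magic):
            return kind, raw
    raise UploadRejected("not a PNG or JPEG image")


# Constructed sample: a PNG signature plus filler bytes, sent as a data URL.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_UPLOAD = "data:image/png;base64," + base64.b64encode(SAMPLE_PNG).decode()

if __name__ == "__main__":
    print(decode_email_photo(SAMPLE_UPLOAD)[0])
```

The magic-byte check only filters obviously wrong content; the image decoder and OCR library behind it still parse attacker-controlled data and should be kept patched.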
Challenges we ran into
We had difficulty finding a dataset of phishing emails. For security reasons, these emails are not quickly published. Shady datasets were often blocked by the anti-virus, since these emails often have malicious attachments.
We also took some time integrating the different components of the app.
Accomplishments that we're proud of
We built a complete app with a very advanced machine learning algorithm in the backend.
What we learned
What's next for Phish 'n Chips