Inspiration
Akash expressed interest in building a hack that used machine learning to help catch fraudulent bank transactions. Inspired by this proposal, Alex suggested a related idea that would combat fraud and identity theft more directly by tackling the widespread problem of phishing. Having worked as a phishing mitigation specialist for a company that handled phishing reports for large institutions, Alex was familiar with the technical requirements and the workflow of phishing threat management. Identifying phishing emails and filing incident reports is costly, both in time and money. A solution was needed to keep people safe from phishing threats in a timely and inexpensive way. And thus, PhisherMan was born.
What it does
PhisherMan is a phishing threat management tool that receives reports of potential phishing threats, quickly filters out spam and automatically files malicious emails in its internal database for further action. When PhisherMan receives a reported email, it runs a machine learning model to decide whether the email is a genuine phishing threat or merely spam. If the model classifies it as phishing, PhisherMan creates an incident record and stores it in the database so that it can be handled and mitigated; reports classified as spam are filtered out. This removes most of the manual triage work, so that serious threats can be identified and addressed as soon as possible.
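The intake path described above (report comes in, indicators are extracted, the classifier scores it, a phishing verdict becomes an incident row in SQLite), written out as an added example for this page. It is not PhisherMan's code: the project's TensorFlow model is not shown on the page, so `score_features()` is a transparent heuristic stand-in with the same contract (features in, score in [0, 1] out), and its weights, the lure-phrase list, the `incidents` table layout and both sample messages are assumptions constructed for the example. Domains and the IP address are reserved documentation values.

```python
"""Intake pipeline for one reported email: parse, extract indicators, score, file.

Example written for this page, not PhisherMan's own code. score_features() stands in
for the project's TensorFlow model; weights and phrases are assumptions, and both
sample messages below are constructed (example.com/.net and 198.51.100.0/24 are
reserved documentation values).
"""
import email
import re
import sqlite3
from email import policy
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Lure phrases (assumed); a trained model would learn these from the corpus instead.
URGENCY = ("verify your account", "suspended", "urgent", "password", "click here", "confirm")


def parse_report(raw: bytes) -> dict:
    """Turn a raw RFC 5322 message into the fields the scorer uses."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    from_hdr = str(msg.get("From", ""))
    reply_to = str(msg.get("Reply-To", ""))
    from_dom = ADDR_RE.search(from_hdr)
    reply_dom = ADDR_RE.search(reply_to)
    urls = URL_RE.findall(text)
    return {
        "subject": str(msg.get("Subject", "")),
        "sender": from_hdr,
        "from_domain": from_dom.group(1).lower() if from_dom else "",
        "reply_to_domain": reply_dom.group(1).lower() if reply_dom else "",
        "urls": urls,
        "url_hosts": sorted({(urlparse(u).hostname or "").lower() for u in urls}),
        "text": text,
    }


def extract_features(report: dict) -> dict:
    """Header and link indicators that separate credential phishing from bulk mail."""
    fd = report["from_domain"]
    words = (report["subject"] + " " + report["text"]).lower()
    return {
        # Replies go somewhere other than the claimed sender's domain.
        "reply_to_mismatch": bool(report["reply_to_domain"]) and report["reply_to_domain"] != fd,
        # A link points off the sender's domain (its subdomains are allowed).
        "url_host_mismatch": any(h and h != fd and not h.endswith("." + fd) for h in report["url_hosts"]),
        # Bare IPv4 address instead of a hostname.
        "ip_literal_url": any(IPV4_RE.fullmatch(h) for h in report["url_hosts"]),
        "urgency_terms": sum(term in words for term in URGENCY),
        "url_count": len(report["urls"]),
    }


def score_features(f: dict) -> float:
    """Heuristic stand-in for the trained model (weights are assumptions, not tuned)."""
    score = 0.0
    score += 0.35 if f["reply_to_mismatch"] else 0.0
    score += 0.30 if f["url_host_mismatch"] else 0.0
    score += 0.25 if f["ip_literal_url"] else 0.0
    score += 0.10 * min(f["urgency_terms"], 3)
    return min(score, 1.0)


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Assumed incident table; the project's Django models are not on the page."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS incidents (
        id INTEGER PRIMARY KEY, subject TEXT, sender TEXT, score REAL,
        urls TEXT, status TEXT DEFAULT 'open')""")
    return conn


def triage(raw: bytes, conn: sqlite3.Connection, threshold: float = 0.5) -> tuple:
    """Classify one report; file it as an open incident when it crosses the threshold."""
    report = parse_report(raw)
    score = score_features(extract_features(report))
    if score < threshold:
        return "spam", score
    conn.execute(
        "INSERT INTO incidents (subject, sender, score, urls) VALUES (?, ?, ?, ?)",
        (report["subject"], report["sender"], score, "\n".join(report["urls"])),
    )
    conn.commit()
    return "phishing", score


def open_incident_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM incidents WHERE status = 'open'").fetchone()[0]


# Constructed sample reports, not real messages.
PHISH = b"""From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: recovery@example.net
Subject: Urgent: your account is suspended
Content-Type: text/plain

Your password expired. Click here to verify your account:
http://198.51.100.23/login
"""
SPAM = b"""From: deals@newsletter.example.com
Subject: Weekend deals inside
Content-Type: text/plain

Save 20% on everything this weekend at http://newsletter.example.com/deals
"""

if __name__ == "__main__":
    db = open_db()
    for raw in (PHISH, SPAM):
        print(triage(raw, db))
    print("open incidents:", open_incident_count(db))
```

The point of keeping `parse_report()` and `extract_features()` separate from the scorer is that the trained model can replace `score_features()` without touching the parsing or the database step, and the extracted URLs are stored with the incident so a later pass can act on them. The threshold is a tuning knob: in a triage queue a false negative (a real phish filed as spam) usually costs more than a false positive, so it should be set from the model's validation curve rather than left at 0.5.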
How we built it
Akash was responsible for creating and training the deep learning model, as well as stitching the application together and deploying it to the cloud. Alex was responsible for building the basic backend REST API in Django for managing incidents. Tina and Aariana were responsible for the front end and graphics. The tech stack we used:
- Tensorflow for deep learning model
- Django + REST Framework for backend
- React and Material-UI for frontend
- Conda for package management
- Docker for containerization
- Photoshop for logo creation & mockups
- AWS for deployment
- Git (Github) for version control
- Audacity for voice recording
- Sony Vegas Pro for video editing and production
- OBS Studio for demo screen capture
- SQLite for database
Challenges we ran into
Coming from various backgrounds and experience levels, the biggest challenge shared by all team members was learning new tech stacks quickly enough to tackle the different parts of the hack. Aside from that, Akash faced more specific challenges - for example, finding a labelled phishing dataset was quite difficult (after all, they aren't readily available), as was making the code platform agnostic and resolving package version conflicts in conda and during deployment.
Accomplishments that we're proud of
Completing a project with a remote team of people with vastly different experience levels, using our talents in creative ways and learning new technologies at an accelerated pace.
What we learned
Each of us learned something new about the tech stack. Alex had never worked with Django before and had last done web development quite some time ago, making this experience a nice refresher and a dive into a new framework. For Akash, practice with machine learning and the use of new DevOps tooling was the big takeaway from this hack. Tina was able to use her creative side to design mockups and graphics for the front end of the application, as well as dive into new front-end technologies. Aariana built on her front-end development skills, using React for the first time to create the front end of the application.
What's next for PhisherMan
In the future, PhisherMan can be extended to fetch the content of reported phishing pages and determine whether they specifically target a protected client, or even a specific individual in the case of spear-phishing. If so, PhisherMan will be able to cross-reference previous incidents and classify similar pages as part of the same campaign. In addition, PhisherMan's functionality can be extended to classify links as redirects, malicious domains, or hijacked websites. These, in turn, can be managed and addressed automatically through an internal reporting system working closely with internet service providers, registrars and international internet security agencies.
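The link classification and incident cross-referencing sketched in this roadmap, as an added example for this page and not code from the project. It works offline on the URL alone, so it can only cover part of the roadmap: "redirect" is a URL that carries another absolute URL in its query string (the open-redirect pattern) and is classified by its final target; "lookalike" is a final host that imitates a protected client's domain, either by using the brand as a subdomain of some other registrable domain or by sitting within edit distance 2 of it; "client-domain" is a link that really is on a client's own domain, which is the hijacked-website case and needs a content fetch to confirm. The protected-client list, labels, the distance threshold and the incident rows are all assumptions constructed for the example; the crude "last two labels" rule stands in for a Public Suffix List lookup.

```python
"""Follow-up pass over links pulled from filed incidents: classify each link and
group incidents that resolve to the same host as one campaign.

Example written for this page, not PhisherMan's own code. PROTECTED, the labels,
the edit-distance threshold and INCIDENTS are assumptions; example.com/.org and
198.51.100.0/24 are reserved documentation values.
"""
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlparse

# Hypothetical protected clients.
PROTECTED = ("example.com", "example.org")


def registrable(host: str) -> str:
    """Last two labels; a production version would use the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, for catching typosquats such as exannple.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def final_target(url: str, max_hops: int = 5) -> str:
    """Unwrap open-redirect style URLs: a query value that is itself an absolute URL.

    Bounded by max_hops so a self-referencing redirect cannot loop forever.
    """
    for _ in range(max_hops):
        nested = next(
            (unquote(v) for values in parse_qs(urlparse(url).query).values()
             for v in values if unquote(v).lower().startswith(("http://", "https://"))),
            None,
        )
        if nested is None:
            return url
        url = nested
    return url


def classify_link(url: str, protected=PROTECTED) -> dict:
    """Label a link by where it finally lands, not by the host it starts on."""
    target = final_target(url)
    host = (urlparse(target).hostname or "").lower()
    reg = registrable(host)
    if reg in protected:
        label = "client-domain"  # genuine client host: possible hijacked page, needs a content check
    elif any(p in host for p in protected) or min(edit_distance(reg, p) for p in protected) <= 2:
        label = "lookalike"      # brand as a subdomain of another domain, or a typosquat
    else:
        label = "unknown"
    return {"url": url, "target": target, "host": host, "label": label, "redirect": target != url}


def group_campaigns(incidents) -> dict:
    """Incidents whose links resolve to the same host are treated as one campaign."""
    groups = defaultdict(list)
    for incident_id, url in incidents:
        groups[(urlparse(final_target(url)).hostname or "").lower()].append(incident_id)
    return dict(groups)


# Constructed incident rows: (incident id, link extracted from the report).
INCIDENTS = [
    (101, "https://trusted.example.org/redirect?to=http%3A%2F%2Fexample.com.login-check.net%2Fsignin"),
    (102, "http://example.com.login-check.net/signin"),
    (103, "http://exannple.com/reset"),
    (104, "https://www.example.org/help"),
    (105, "http://198.51.100.7/x"),
]

if __name__ == "__main__":
    for _, link in INCIDENTS:
        print(classify_link(link))
    print(group_campaigns(INCIDENTS))
```

Two things this surfaces that a per-email verdict does not: incidents 101 and 102 land on the same lookalike host and so belong to one campaign even though one of them was laundered through a redirect on a client's own domain (which is itself a finding to raise with that client), and the "client-domain" label deliberately stops short of saying "hijacked", because only fetching the page can tell a compromised site from a legitimate link.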