立即打开
网络钓鱼攻击铺天盖地,AI能否成为最后防线?

网络钓鱼攻击铺天盖地,AI能否成为最后防线?

Jonathan Vanian 2021-05-27
Tessian以及其它公司都在尽力改进他们的人工智能,以识别出由更先进的人工智能支撑的网络钓鱼攻击。

许多网络安全公司表示,人工智能可以更好地打击网络钓鱼,即一种常见的黑客攻击手段。

Tessian就是一家这样的公司,其在5月25日表示,它在C轮融资中筹集了6500万美元,目前公司的估值已经达到5亿美元。这轮融资由March Capital领投,参投方包括Accel、Balderton Capital、Latitude Venture Partners、红杉资本(Sequoia Capital)和Schroder Adveq。自八年前成立以来,Tessian共筹集了总计1.37亿美元的资金。

在网络钓鱼攻击过程中,犯罪分子会诱骗不知情的员工点击看似来源合法的电子邮件里的恶意链接。一些最常见的网络钓鱼手段则是黑客以银行或同事的名义发送欺骗性垃圾邮件。

这类黑客攻击手段在新冠疫情期间尤为普遍,骗子向人们大量发送声称来自于美国疾病控制与预防中心(Centers for Disease Control and Prevention)以及其它应对全国性疫情的相关组织的欺骗性信息。

IronScales和Vade Secure等数家网络安全初创公司正在借助机器学习来识别钓鱼邮件。风险投资者认为,这些初创企业有望成为大型企业。

Tessian的联合创始人及首席执行官蒂姆•萨德勒表示,为了建立相关模型,他们会先收集分析公司的电子邮件数据,比如员工用于联系客户的常用邮箱地址。然后,他们会使用这些数据来训练机器学习模型,该模型能够在员工点开新的电子邮件前事先扫描它们并标记出可疑邮件。

机器学习系统还会阐述怀疑原因,例如电子邮件中附有一条陌生网络链接或员工姓名拼写错误。Tessian的联合创始人及首席技术官埃德•毕晓普解释说,如果员工们通常叫经理Cliff,但某封电子邮件称其为Clifton, 那么Tessian的技术可能就会识别出这种异常。

萨德勒承认,“机器学习系统仍然存在许多缺陷”,有时候该公司的人工智能会将合法邮件错误标记为欺诈邮件。但他表示,Tessian一直在努力避免该软件错误标记真实邮件的次数过多。

萨德勒说,总部位于伦敦的Tessian计划将一部分最新融资用于招聘,争取将员工人数从170人增加到220人,再到今年年底的250人。该公司还计划改进其技术,扩大识别范围到其它通信服务领域(比如短信或办公聊天软件)的网络钓鱼攻击。

试图打击网络钓鱼的公司所面临的一大挑战是,随着自然语言处理技术的发展,钓鱼邮件越来越像真实邮件了。自然语言处理是人工智能的一个子领域,是指机器理解并解释人类写作、说话方式的能力。毕晓普表示,随着优秀的语言模型的进步,例如由人工智能公司OpenAI训练与开发的GPT-3模型(Generative Pretrained Transformer-3,第三代生成式预训练转换器——译注),犯罪分子打造针对特定收件人的个性化钓鱼邮件时的难度会变得更低。比如,这样的电子邮件可能会包含人工智能生成的信息,其写作风格类似于员工老板,导致辨别真假的难度更高。

因此,Tessian以及其它公司都在尽力改进他们的人工智能,以识别出由更先进的人工智能支撑的网络钓鱼攻击,这种攻击有朝一日可能会“像垃圾邮件一样普遍”,毕晓普说。(财富中文网)

译者:Claire

许多网络安全公司表示,人工智能可以更好地打击网络钓鱼,即一种常见的黑客攻击手段。

Tessian就是一家这样的公司,其在5月25日表示,它在C轮融资中筹集了6500万美元,目前公司的估值已经达到5亿美元。这轮融资由March Capital领投,参投方包括Accel、Balderton Capital、Latitude Venture Partners、红杉资本(Sequoia Capital)和Schroder Adveq。自八年前成立以来,Tessian共筹集了总计1.37亿美元的资金。

在网络钓鱼攻击过程中,犯罪分子会诱骗不知情的员工点击看似来源合法的电子邮件里的恶意链接。一些最常见的网络钓鱼手段则是黑客以银行或同事的名义发送欺骗性垃圾邮件。

这类黑客攻击手段在新冠疫情期间尤为普遍,骗子向人们大量发送声称来自于美国疾病控制与预防中心(Centers for Disease Control and Prevention)以及其它应对全国性疫情的相关组织的欺骗性信息。

IronScales和Vade Secure等数家网络安全初创公司正在借助机器学习来识别钓鱼邮件。风险投资者认为,这些初创企业有望成为大型企业。

Tessian的联合创始人及首席执行官蒂姆•萨德勒表示,为了建立相关模型,他们会先收集分析公司的电子邮件数据,比如员工用于联系客户的常用邮箱地址。然后,他们会使用这些数据来训练机器学习模型,该模型能够在员工点开新的电子邮件前事先扫描它们并标记出可疑邮件。

机器学习系统还会阐述怀疑原因,例如电子邮件中附有一条陌生网络链接或员工姓名拼写错误。Tessian的联合创始人及首席技术官埃德•毕晓普解释说,如果员工们通常叫经理Cliff,但某封电子邮件称其为Clifton, 那么Tessian的技术可能就会识别出这种异常。

萨德勒承认,“机器学习系统仍然存在许多缺陷”,有时候该公司的人工智能会将合法邮件错误标记为欺诈邮件。但他表示,Tessian一直在努力避免该软件错误标记真实邮件的次数过多。

萨德勒说,总部位于伦敦的Tessian计划将一部分最新融资用于招聘,争取将员工人数从170人增加到220人,再到今年年底的250人。该公司还计划改进其技术,扩大识别范围到其它通信服务领域(比如短信或办公聊天软件)的网络钓鱼攻击。

试图打击网络钓鱼的公司所面临的一大挑战是,随着自然语言处理技术的发展,钓鱼邮件越来越像真实邮件了。自然语言处理是人工智能的一个子领域,是指机器理解并解释人类写作、说话方式的能力。毕晓普表示,随着优秀的语言模型的进步,例如由人工智能公司OpenAI训练与开发的GPT-3模型(Generative Pretrained Transformer-3,第三代生成式预训练转换器——译注),犯罪分子打造针对特定收件人的个性化钓鱼邮件时的难度会变得更低。比如,这样的电子邮件可能会包含人工智能生成的信息,其写作风格类似于员工老板,导致辨别真假的难度更高。

因此,Tessian以及其它公司都在尽力改进他们的人工智能,以识别出由更先进的人工智能支撑的网络钓鱼攻击,这种攻击有朝一日可能会“像垃圾邮件一样普遍”,毕晓普说。(财富中文网)

译者:Claire

Many cybersecurity companies say artificial intelligence could better combat a popular hacking tactic known as phishing.

One such firm, Tessian, said on May 25 that it has raised another $65 million in funding that values it at $500 million. March Capital was the lead investor, while other participants included Accel, Balderton Capital, Latitude Venture Partners, Sequoia Capital, and Schroder Adveq. Since its founding 8 years ago, Tessian has raised a total of $137 million.

In a phishing attack, criminals dupe unwitting workers into clicking on malicious links in emails that appear to come from legitimate sources. Some of the most common phishing attacks involve hackers sending bogus emails resembling messages from banks or colleagues.

Phishing attacks have become particularly prevalent during the COVID-19 pandemic, with scammers sending people phony messages claiming to be from the Centers for Disease Control and Prevention and other organizations involved with national coronavirus response.

Several cyber security startups like IronScales and Vade Secure are using machine learning to spot phishing emails. Venture capitalists are betting that these startups will eventually become big businesses.

Tessian co-founder and CEO Tim Sadler said that his startup analyzes a company’s corporate emails to discover patterns, such as common email addresses that people correspond with, which could indicate that they are messages to customers, for instance. The company then uses this data to train a machine-learning model, which can scan emails and flag those that are suspicious before employees click on them.

The machine learning system also displays the reasons why it suspects an email is fraudulent, such as it featuring a strange web link or misspellings of employee names. If a manager is known to workers as Cliff, but the email refers to the boss as Clifton, Tessian’s technology may spot the discrepancy, explained Tessian co-founder and chief technology officer Ed Bishop.

Sadler acknowledged that “a machine learning system is never going to be perfect,” and sometimes the startup’s A.I. can incorrectly flag legitimate emails as bogus. But, he said Tessian has been working on preventing the software from over flagging genuine emails.

Tessian, based in London, plans to go on a hiring spree with its latest financing, boosting its headcount from 170 employees to 220 to 250 by the end of the year, Sadler said. The startup also plans to improve its technology so that it can be used to spot phishing attacks on other kinds of communications services, like text messaging or work-chat services.

One challenge facing companies trying to combat phishing is the rise of more realistic attacks aided by advances in natural language processing, a subset of A.I. that involves computers creating and understanding text. Bishop said that advances in powerful language models like OpenAI’s GPT-3 system could lead to criminals more easily creating phishing emails that appear to be personalized to particular recipients. For instance, such an email could contain an A.I.-generated message in which the writing style is similar to a worker’s boss, making it harder to spot a fraud.

As a result, Tessian, and other companies, are on a quest to improve their A.I. to detect more advanced A.I.-powered phishing attacks, which could one day be as “prevalent as spam,” Bishop said.

热读文章
热门视频
扫描二维码下载财富APP