ICSA: Intelligent chatbot security assistant using Text-CNN and multi-phase real-time defense against SNS phishing attacks

SNS phishing attack is one of the representative social engineering attacks exploiting humans’ emotions and trust and thus usually proceeds in multi-phases such that the attacker first forms an intimate bond with victims emotionally and then forces victims to conduct serious actions according to the attacker’s malicious intents. Meanwhile, according to our extensive survey, we observed that existing works on defending against SNS phishing attacks are inefficient in that they detect the attack mostly in the final stage of the attack or after the incident is reported. This is mainly because they neglect the characteristics of SNS phishing attacks following social engineering attack cycles. By this motivation, we first formalize SNS phishing attack phases based on the existing social engineering attack cycles and propose an Intelligent Chatbot Security Assistant (ICSA) that detects the progress phase of an SNS phishing attack by using Text-CNN-based attack phase classifiers and AI Chatbot technology. ICSA provides appropriate suggestions to victims and conducts necessary actions according to pre-defined defense produces designed by security experts. In addition, we implement ICSA as Telegram Chatbot by using Google Dialogflow and AWS (Amazon Web Services) server in the Telegram messenger. To validate our idea, we conduct extensive experiments to show our Telegram Chatbot works properly in real-time according to its design purpose and also we compare two representative ML models (Text-CNN and LSTM) in terms of the training and test accuracy to show why we choose the Text-CNN model to generate attack phase classifiers.