Enhancing Spear Phishing Defense with AI: A Comprehensive Review and Future Directions

Authors

DOI:

https://doi.org/10.4108/eetsis.6109

Keywords:

Artificial Intelligence, Spear Phishing, Cybersecurity, Email Threat Detection, Machine Learning, Natural Language Processing

Abstract

This paper presents a critical analysis of the role of Artificial Intelligence (AI) in defending against spear phishing attacks, which continue to be a significant cybersecurity threat. By examining 30 seminal studies, we provide an in-depth evaluation of current AI techniques, such as machine learning, natural language processing, and behavioural analytics, which are utilized to detect and mitigate sophisticated email threats. Our review uncovers that AI not only significantly enhances the detection capabilities against these tar-geted attacks but also faces challenges like adaptability and false positives. These findings highlight the continuous evolution of AI strategies in spear phishing defense and the need for ongoing innovation to keep pace with ad-vanced threat tactics. This paper aims to guide future research by proposing integrated AI solutions that enhance both detection capabilities and respon-siveness to new threats, thereby strengthening cybersecurity defenses in an increasingly digital world.

Author Biography

Hamed Taherdoost, University Canada West

Hamed Taherdoost is an award-winning leader and R&D professional. He is founder of the Hamta Group | Hamta Business Corporation, Associate Professor and Chair of RSAC at University Canada West, and Director of R&D at Q Minded | Quark Minded Technology Inc. He has over 20 years of experience in both industry and academia sectors. He has worked at international companies from Cyprus, the UK, Malta, Iran, Malaysia, and Canada and has been highly involved in development of several projects in different industries; healthcare, transportation, residential, oil and gas and IT. Apart from industry, he has been a university lecturer in three different parts of the world, Southeast Asia, the Middle East, and North America. Currently, he is an Adjunct Professor at Westcliff University, mentor at Futurpreneur Canada, Advisory Board of Cambridge Scholars Publishing, UK, Senior Technical Consultant at CI Solutions Ltd, and Innotek Consulting Ltd. 

He is a certified cybersecurity technologist and a senior member of IEEE, IAEEEE, IASED, & IEDRC, Fellow Member of ISAC, WGM of IFIP TC11, member of CSIAC, ACT-IAC and AASHE. Hamed has been an active multidisciplinary researcher and R&D specialist involved in several academic and industrial research projects. Currently, he is involved in several multidisciplinary research projects, including studying innovation in information technology, blockchain, and cybersecurity, people’s behavior, and technology acceptance.

References

[1] Evans, K., Abuadbba, A., Wu, T., Moore, K., Ahmed, M., Pogrebna, G., ... & Johnstone, M. (2022, December). RAIDER: Reinforcement-aided spear phishing detector. In International Conference on Network and System Security (pp. 23-50). Cham: Springer Nature Switzerland.

[2] Laszka, A., Lou, J., & Vorobeychik, Y. (2016, February). Multi-defender strategic filtering against spear-phishing attacks. In Proceedings of the AAAI Conference on Artificial Intelligence (Vol. 30, No. 1).

[3] Rege, M., & Mbah, R. B. K. (2018). Machine learning for cyber defense and attack. Data Analytics, 2018, 83.

[4] Chandra, J. V., & Narasimham Challa, D. S. K. P. Cross validation of an effective machine learning model on unified data sets to detect and analyse spear phishing attacks.

[5] Ding, X., Liu, B., Jiang, Z., Wang, Q., & Xin, L. (2021, May). Spear phishing emails detection based on machine learning. In 2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD) (pp. 354-359). IEEE.

[6] Yamin, M. M., Ullah, M., Ullah, H., & Katt, B. (2021). Weaponized AI for cyber attacks. Journal of Information Security and Applications, 57, 102722.

[7] Basit, A., Zafar, M., Liu, X., Javed, A. R., Jalil, Z., & Kifayat, K. (2021). A comprehensive survey of AI-enabled phishing attacks detection techniques. Telecommunication Systems, 76, 139-154.

[8] Sharma, P., Dash, B., & Ansari, M. F. (2022). Anti-phishing techniques–a review of Cyber Defense Mechanisms. International Journal of Advanced Research in Computer and Communication Engineering ISO, 3297, 2007.

[9] Chandra, J. V., Challa, N., & Pasupuletti, S. K. (2019). Machine learning framework to analyze against spear phishing. Int. J. Innov. Technol. Exploring Eng.(IJITEE), 8, 12.

[10] Ansari, M. F., Sharma, P. K., & Dash, B. (2022). Prevention of phishing attacks using AI-based Cybersecurity Awareness Training. Prevention.

[11] Mohamed, N., Bajaj, M., Almazrouei, S. K., Jurado, F., Oubelaid, A., & Kamel, S. (2023, June). Artificial Intelligence (AI) and Machine Learning (ML)-based Information Security in Electric Vehicles: A Review. In 2023 5th Global Power, Energy and Communication Conference (GPECOM) (pp. 108-113). IEEE.

[12] Mohamed, N., Almazrouei, S. K., Oubelaid, A., Ahmed, A. A., Jomah, O. S., & Aghnaiya, A. (2023, May). Understanding the Threat Posed by Chinese Cyber Warfare Units. In 2023 IEEE 3rd International Maghreb Meeting of the Conference on Sciences and Techniques of Automatic Control and Computer Engineering (MI-STA) (pp. 359-364). IEEE.

[13] Mohamed, N. (2023). Current trends in AI and ML for cybersecurity: A state-of-the-art survey. Cogent Engineering, 10(2), 2272358.

[14] Mohamed, N., Awasthi, A., Kulkarni, N., Thota, S., Singh, M., & Dhole, S. V. (2022). Decision Tree Based Data Pruning with the Estimation of Oversampling Attributes for the Secure Communication in IOT. International Journal of Intelligent Systems and Applications in Engineering, 10(2s), 212-216.

[15] Mohamed, N., Kumar, K. S., Sharma, S., Kumar, R. D., Mehta, S., & Mishra, I. (2022). Wireless Sensor Network Security with the Probability Based Neighbourhood Estimation. International Journal of Intelligent Systems and Applications in Engineering, 10(2s), 231-235.

[16] Mohamed, N., Solanki, M. S., Praveena, H. D., Princy, A., Das, S., & Verma, D. (2023, May). Artificial Intelligence Integrated Biomedical Implants System Developments in Healthcare. In 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) (pp. 588-591). IEEE.

[17] Mohamed, N. (2022, December). Importance of Artificial Intelligence in Neural Network through using MediaPipe. In 2022 6th International Conference on Electronics, Communication and Aerospace Technology (pp. 1207-1215). IEEE.

[18] Mohamed, N., Singh, V. K., Islam, A. U., Saraswat, P., Sivashankar, D., & Pant, K. (2022, December). Role of Machine Learning In Health Care System for The Prediction of Different Diseases. In 2022 Fourth International Conference on Emerging Research in Electronics, Computer Science and Technology (ICERECT) (pp. 1-4). IEEE.

[19] Mohamed, N., Josphineleela, R., Madkar, S. R., Sena, J. V., Alfurhood, B. S., & Pant, B. (2023, May). The Smart Handwritten Digits Recognition Using Machine Learning Algorithm. In 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) (pp. 340-344). IEEE.

[20] Mohamed, N., Awasthi, M. A., Kulkarni, N., Thota, S., Singh, M., & Dhole, S. V. INTELLIGENT SYSTEMS AND APPLICATIONS IN ENGINEERING.

[21] Mohamed, N., Rao, L. S., Sharma, M., & Shukla, S. K. (2023, May). In-depth review of integration of AI in cloud computing. In 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) (pp. 1431-1434). IEEE.

[22] Mohamed, N., Upadhyay, R., Jakka, G., Rambabu, P. V., Alfurhood, B. S., & Singh, D. P. (2023, May). Framework for the Deployment of Intelligent Smart Cities (ISC) using Artificial Intelligence and Software Networking Technologies. In 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) (pp. 667-671). IEEE.

[23] Mohamed, N., Ninoria, S., Krishnan, C., Rajasekaran, S. B., Alfurhood, B. S., & Singh, D. P. (2023, May). Development of Smart Chabot in the Field of Trading using Smart Artificial Intelligence Informal Technology. In 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) (pp. 862-865). IEEE.

[24] Mohamed, N., Baskaran, N. K., Patil, P. P., Alatba, S. R., & Aich, S. C. (2023, May). Thermal Images Captured and Classifier-based Fault Detection System for Electric Motors Through ML Based Model. In 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) (pp. 649-654). IEEE.

[25] Rege, M., & Mbah, R. B. K. (2018). Machine learning for cyber defense and attack. Data Analytics, 2018, 83.

[26] Laszka, A., Vorobeychik, Y., & Koutsoukos, X. (2015, February). Optimal personalized filtering against spear-phishing attacks. In Proceedings of the AAAI Conference on Artificial Intelligence (Vol. 29, No. 1).

[27] Kaloudi, N., & Li, J. (2020). The ai-based cyber threat landscape: A survey. ACM Computing Surveys (CSUR), 53(1), 1-34.

[28] Yamin, M. M., Ullah, M., Ullah, H., & Katt, B. (2021). Weaponized AI for cyber attacks. Journal of Information Security and Applications, 57, 102722.

[29] Ding, X., Liu, B., Jiang, Z., Wang, Q., & Xin, L. (2021, May). Spear phishing emails detection based on machine learning. In 2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD) (pp. 354-359). IEEE.

[30] Fritsch, L., Jaber, A., & Yazidi, A. (2022, May). An Overview of Artificial Intelligence Used in Malware. In Symposium of the Norwegian AI Society (pp. 41-51). Cham: Springer International Publishing.

[31] Alghenaim, M. F., Bakar, N. A. A., Abdul Rahim, F., Vanduhe, V. Z., & Alkawsi, G. (2022, December). Phishing Attack Types and Mitigation: A Survey. In The International Conference on Data Science and Emerging Technologies (pp. 131-153). Singapore: Springer Nature Singapore.

[32] Liu, M., Zhang, Y., Liu, B., Li, Z., Duan, H., & Sun, D. (2021, December). Detecting and characterizing SMS spearphishing attacks. In Proceedings of the 37th Annual Computer Security Applications Conference (pp. 930-943).

[33] Li, Q., & Cheng, M. (2023, August). Spear-Phishing Detection Method Based on Few-Shot Learning. In International Symposium on Advanced Parallel Processing Technologies (pp. 351-371). Singapore: Springer Nature Singapore.

[34] Karim, A., Azam, S., Shanmugam, B., Kannoorpatti, K., & Alazab, M. (2019). A comprehensive survey for intelligent spam email detection. Ieee Access, 7, 168261-168295.

[35] Ghazi-Tehrani, A. K., & Pontell, H. N. (2022). Phishing evolves: Analyzing the enduring cybercrime. In The New Technology of Financial Crime (pp. 35-61). Routledge.

[36] Shah, R. K., Hasan, M. K., Islam, S., Khan, A., Ghazal, T. M., & Khan, A. N. (2022, May). Detect phishing website by fuzzy multi-criteria decision making. In 2022 1st International Conference on AI in Cybersecurity (ICAIC) (pp. 1-8). IEEE.

[37] Gupta, B. B., Arachchilage, N. A., & Psannis, K. E. (2018). Defending against phishing attacks: taxonomy of methods, current issues and future directions. Telecommunication Systems, 67, 247-267.

Downloads

Published

10-12-2024

How to Cite

1.
Mohamed N, Taherdoost H, Madanchian M. Enhancing Spear Phishing Defense with AI: A Comprehensive Review and Future Directions. EAI Endorsed Scal Inf Syst [Internet]. 2024 Dec. 10 [cited 2024 Dec. 22];12(1). Available from: https://publications.eai.eu/index.php/sis/article/view/6109