Sep 26, 2023
In the field of hosting services, we all face a common challenge: dealing with malicious users who exploit our platforms for phishing activities. Stormkit, like other providers, also encounters these malicious actors. In this blog post, we will share some of our strategies for identifying and preventing phishing attempts, including the use of simple AI technology.
To give you a better idea, let's consider an instance where the program identifies two text fields designated for login, along with a keyword such as 'Facebook'. This scenario raises suspicions that the website may be attempting to mimic Facebook's login interface. Another noteworthy example is when the page incorporates a URL previously reported to Google, further contributing to the overall score that ultimately prompts an alert through Discord.
To strengthen our defense against phishing, we have decided to leverage the potential of AI to assist us in this endeavor. Analyzing the contents of HTML alone is not sufficient. We needed a more human-like approach, so we decided to take screenshots of websites and feed them into our pre-trained model, combining this with our existing approach. Since we are not experts in the field of AI, we researched how we could achieve this quickly and came across two tools that are quite helpful: Teachable Machine and TensorFlow.js.
Teachable Machine is an incredible tool powered by WebAssembly and TensorFlow.js. It enables us to train models directly in our browser using data we supply. Whenever we encountered phishing content, we took a screenshot and fed it into our model. We tried to train our models with phishing websites that resembled login pages, as well as other sites that looked different. Essentially, our model has two classes: pages that look like login pages and pages that do not.

TensorFlow.js is an open-source library that allows for the execution of machine learning and deep learning models directly in the browser or in Node.js environments. It is an extension of the widely used TensorFlow library, which is used for building and training machine learning models. We can download trained models from Teachable Machine and load them in our Node.js program using the same TensorFlow.js library.

This improved our detection accuracy, but we still face the challenge of identifying phishing sites that have a different appearance from login pages. To reduce the number of false positives we encounter, we added a list of trusted users to our system who are excluded from the scanning process.
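The sketch below shows how the signals described in this post could be combined into one score: login fields, a brand keyword, a previously reported URL, the screenshot classifier's output, and the trusted-user exclusion. It is an added example, not Stormkit's code. The weights, thresholds, brand list, field names and sample data are assumptions; the classifier result is passed in as a number, and sending the alert to Discord is left out.

```javascript
// Added example. Weights, thresholds, the brand list and all field names are assumptions.
const WEIGHTS = { loginForm: 30, brandKeyword: 25, reportedUrl: 40, looksLikeLogin: 30 };
const ALERT_THRESHOLD = 60;        // score at which an alert would be sent
const LOGIN_PROBABILITY_MIN = 0.8; // classifier confidence needed to count as a signal
const BRANDS = ['facebook', 'paypal', 'microsoft']; // constructed sample list

// Count identity (text/email) and password inputs; an input without a type is a text input.
function countLoginFields(html) {
  const counts = { identity: 0, password: 0 };
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const m = /\btype\s*=\s*["']?([a-z]+)/i.exec(tag);
    const type = (m ? m[1] : 'text').toLowerCase();
    if (type === 'password') counts.password++;
    else if (type === 'text' || type === 'email') counts.identity++;
  }
  return counts;
}

// Hostnames of absolute URLs found in href/src/action attributes.
function extractHosts(html) {
  const hosts = new Set();
  for (const m of html.matchAll(/\b(?:href|src|action)\s*=\s*["']([^"']+)["']/gi)) {
    try { hosts.add(new URL(m[1]).hostname.toLowerCase()); } catch { /* relative URL */ }
  }
  return hosts;
}

// page: { owner, html, loginProbability }; ctx: { trustedOwners, reportedHosts } (both Sets).
function scorePage(page, ctx) {
  if (ctx.trustedOwners.has(page.owner)) return { score: 0, alert: false, reasons: ['trusted owner'] };
  let score = 0;
  const reasons = [];
  const add = (key, why) => { score += WEIGHTS[key]; reasons.push(why); };
  const fields = countLoginFields(page.html);
  if (fields.identity >= 1 && fields.password >= 1) add('loginForm', 'login fields');
  const text = page.html.toLowerCase();
  const brand = BRANDS.find((b) => text.includes(b));
  if (brand) add('brandKeyword', `brand keyword: ${brand}`);
  const hit = [...extractHosts(page.html)].find((h) => ctx.reportedHosts.has(h));
  if (hit) add('reportedUrl', `reported host: ${hit}`);
  if (page.loginProbability >= LOGIN_PROBABILITY_MIN) add('looksLikeLogin', 'screenshot looks like a login page');
  return { score, alert: score >= ALERT_THRESHOLD, reasons };
}

// Constructed sample data.
const ctx = { trustedOwners: new Set(['team-42']), reportedHosts: new Set(['collector.example']) };
const suspectHtml = '<h1>Facebook</h1><form action="https://collector.example/post">' +
  '<input type="email" name="u"><input type="password" name="p"></form>';
const blogHtml = '<p>Follow us on <a href="https://facebook.com/ourpage">Facebook</a></p>';
```

Keeping the `reasons` array alongside the score lets whoever reviews an alert see which signals fired, which helps when tuning weights against false positives.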