DeepPhish is an AI-driven tool designed to enhance the effectiveness of phishing attacks by generating URLs that mimic legitimate ones. Developed as part of a research project to understand the potential malicious use of artificial intelligence in cyberattacks, DeepPhish analyzes patterns from successful phishing campaigns to create new, more convincing phishing URLs. ​

It relies on Long Short-Term Memory (LSTM) neural networks, a type of Recurrent Neural Network (RNN), to analyze and generate phishing URLs. There are several steps involved in this process:

Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.

1. The model is trained using a dataset of phishing and legitimate URLs. By studying these examples, it learns common structures and variations used in phishing links.

2. Unlike traditional pattern recognition methods, DeepPhish uses LSTM networks to process sequences of characters in URLs. LSTMs are particularly effective at capturing dependencies in text, allowing the model to recognize subtle changes that make phishing URLs appear legitimate. This helps in generating URLs that closely resemble real ones but contain slight modifications that bypass detection mechanisms.

3. Using the trained LSTM model, DeepPhish can generate new URLs by predicting the next characters in a sequence based on learned patterns. This ensures that the URLs look credible while still leading to malicious sites.

4. The model continuously refines its outputs by testing them against phishing detection systems and modifying the URL structures to improve their likelihood of bypassing security controls.

For example, in a research conducted by Alejandro Correa Bahnsen, he was able to demonstrate that DeepPhish generated phishing campaigns were found to improve the effectiveness by up to 36% compared to traditional phishing attacks.

If you want to dive deep into the technical details of how DeepPhish works, and how it can be used to improve efectiveness of phishing campaings, below is the recording of a presentation, DeepPhish: Simulating Malicious AI by Alejandro Correa Bahnsen, presented at BlackHat Europe 2018.

Red Team Notes
DeepPhish is an AI-powered tool that leverages LSTM neural networks to generate highly deceptive phishing URLs, improving phishing campaign effectiveness by up to 36%. Red team operators can use DeepPhish to generate more realistic phishing URLs.

Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.