PhishFinder | Devpost

Normal Email Example
Phishing Email Example

Inspiration

Our research found that over 83% of organizations have experienced some phishing attacks since March 2020, and only 1/5 of these organizations train their employees on phishing awareness at least once per year. It is estimated that there were 6 billion phishing attacks in 2020, 91% of which are sent via Gmail. We realize that this is a problem that affects a large portion of our community, us included, and was something we wanted to address in this hackathon

What it does

Our product, PhishFinder, is a web browser extension that links with Gmail to determine whether the selected email is a phishing scam. Next to the subject of the email, a text box will show, stating the security status of the email.

How we built it

We knew that we wanted to incorporate an AI element into the project, in order to get a better, more accurate result for the product. We began by researching various AI models and how we wanted to approach this feature of the extension. First, we attempted to train and test our own model, however, due to time concerns we decided to find a pre-trained model where we could do modifications to fit our needs. We went on a long hunt to find the right model for our project, some models tested include, PhishDef, Bert, RoBERTa, ALBERT, ELECTRA, PyText, TenserFlow Hub, AllenNLP, GPT-2. What we found worked best was DistilBERT and GPT-3. Both of these had their pros and cons, such as high accuracy, good documentation, and robust training. Ultimately, we settled on GPT-3 due to its wide-known popularity and reliability. There were different kinds of Ai that we tried to use for this project. Some were deep learning which meant that the model itself learned and iterated over what it knows to get and understand. Machine learning is the model learning from human classifications. Ultimately our two best models used Deep learning. DistilBERT took in text using JSON and outputs a binary result (in JSON) whereas Chat GPT 3 (which takes input from the body of the email and email address) and runs a prediction on it before returning phishing/no phishing.

In order to create the web extension, we read through hours of Google and HTML/JavaScript documentation to fit our needs. We designed the extension to inject into Gmail's webpage and extract the address and body of the email that is currently selected. Utilizing HTTP protocols, this information is sent to the AI, GPT-3, and the output is stored. If the predicted phishing probability is greater than our selected threshold, a div box is created and inserted into the website, notifying the user of the email's status.

Challenges we ran into

This project was the kind where everything we did was brand new for us. We had rarely ever used Ai before and neither of us has ever made an extension before. One of our biggest problems was finding a model that would fit our needs. What we found when testing many models was that these models would often over/under compensate and would often output only "this is a phishing email" or "this is not a phishing email" for every text input, even if it was very obvious it was/wasn't a scam email. We spent over 24 hours searching different repositories, articles, and papers on the deepest corners of the internet to find what we wanted. Not only finding different models but trying to use different models that each have different documentation led to so many different challenges that we had to work through, as there were over 11 unique models that we tested. But it was a fantastic feeling when we finally found a model that worked for us. On the extension side of things, there were many problems in using the Chromium documentation and there were many bugs to sort through. Overall, there was a lot of iteration on our project as we had many challenges that we had to solve in order to create PhishFinder.

Accomplishments that we're proud of

To create this product, we both had to learn new languages and APIs, such as JavaScript and the Gmail API. We're proud of making an end-to-end product that has the potential to help hundreds of thousands of people. Coming into this, we never expected to create this product and were proud to have refined our skills in teamwork and time management.

What we learned

Prior, we had little to no experience with these tools, so we used the documentation available to learn how to work with multiple people on one project, as well as the use of multiple pieces of technology together. All in all, we are happy to have learned about the inner workings of websites/HTML and AI.

What's next for PhishFinder

What is next? We are going to try and expand on this project to help organizations and people for free. We want to create a world that does not have to worry about cyber crimes such as phishing. We will expand to other emails such as outlook and spread awareness about phishing

Built With

chromium
css
flask
html
javascript
openai
python
torch
transformations

Updates

Aditya Shah started this project — Feb 26, 2023 08:14 PM EST

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.