許多網絡安全公司表示,人工智能可以更好地打擊網絡釣魚,即一種常見的黑客攻擊手段。
Tessian就是一家這樣的公司,其在5月25日表示,它在C輪融資中籌集了6500萬美元,目前公司的估值已經達到5億美元。這輪融資由March Capital領投,參投方包括Accel、Balderton Capital、Latitude Venture Partners、紅杉資本(Sequoia Capital)和Schroder Adveq。自八年前成立以來,Tessian共籌集了總計1.37億美元的資金。
在網絡釣魚攻擊過程中,犯罪分子會誘騙不知情的員工點擊看似來源合法的電子郵件里的惡意鏈接。一些最常見的網絡釣魚手段則是黑客以銀行或同事的名義發送欺騙性垃圾郵件。
這類黑客攻擊手段在新冠疫情期間尤為普遍,騙子向人們大量發送聲稱來自于美國疾病控制與預防中心(Centers for Disease Control and Prevention)以及其它應對全國性疫情的相關組織的欺騙性信息。
IronScales和Vade Secure等數家網絡安全初創公司正在借助機器學習來識別釣魚郵件。風險投資者認為,這些初創企業有望成為大型企業。
Tessian的聯合創始人及首席執行官蒂姆?薩德勒表示,為了建立相關模型,他們會先收集分析公司的電子郵件數據,比如員工用于聯系客戶的常用郵箱地址。然后,他們會使用這些數據來訓練機器學習模型,該模型能夠在員工點開新的電子郵件前事先掃描它們并標記出可疑郵件。
機器學習系統還會闡述懷疑原因,例如電子郵件中附有一條陌生網絡鏈接或員工姓名拼寫錯誤。Tessian的聯合創始人及首席技術官埃德?畢曉普解釋說,如果員工們通常叫經理Cliff,但某封電子郵件稱其為Clifton, 那么Tessian的技術可能就會識別出這種異常。
薩德勒承認,“機器學習系統仍然存在許多缺陷”,有時候該公司的人工智能會將合法郵件錯誤標記為欺詐郵件。但他表示,Tessian一直在努力避免該軟件錯誤標記真實郵件的次數過多。
薩德勒說,總部位于倫敦的Tessian計劃將一部分最新融資用于招聘,爭取將員工人數從170人增加到220人,再到今年年底的250人。該公司還計劃改進其技術,擴大識別范圍到其它通信服務領域(比如短信或辦公聊天軟件)的網絡釣魚攻擊。
試圖打擊網絡釣魚的公司所面臨的一大挑戰是,隨著自然語言處理技術的發展,釣魚郵件越來越像真實郵件了。自然語言處理是人工智能的一個子領域,是指機器理解并解釋人類寫作、說話方式的能力。畢曉普表示,隨著優秀的語言模型的進步,例如由人工智能公司OpenAI訓練與開發的GPT-3模型(Generative Pretrained Transformer-3,第三代生成式預訓練轉換器——譯注),犯罪分子打造針對特定收件人的個性化釣魚郵件時的難度會變得更低。比如,這樣的電子郵件可能會包含人工智能生成的信息,其寫作風格類似于員工老板,導致辨別真假的難度更高。
因此,Tessian以及其它公司都在盡力改進他們的人工智能,以識別出由更先進的人工智能支撐的網絡釣魚攻擊,這種攻擊有朝一日可能會“像垃圾郵件一樣普遍”,畢曉普說。(財富中文網)
譯者:Claire
許多網絡安全公司表示,人工智能可以更好地打擊網絡釣魚,即一種常見的黑客攻擊手段。
Tessian就是一家這樣的公司,其在5月25日表示,它在C輪融資中籌集了6500萬美元,目前公司的估值已經達到5億美元。這輪融資由March Capital領投,參投方包括Accel、Balderton Capital、Latitude Venture Partners、紅杉資本(Sequoia Capital)和Schroder Adveq。自八年前成立以來,Tessian共籌集了總計1.37億美元的資金。
在網絡釣魚攻擊過程中,犯罪分子會誘騙不知情的員工點擊看似來源合法的電子郵件里的惡意鏈接。一些最常見的網絡釣魚手段則是黑客以銀行或同事的名義發送欺騙性垃圾郵件。
這類黑客攻擊手段在新冠疫情期間尤為普遍,騙子向人們大量發送聲稱來自于美國疾病控制與預防中心(Centers for Disease Control and Prevention)以及其它應對全國性疫情的相關組織的欺騙性信息。
IronScales和Vade Secure等數家網絡安全初創公司正在借助機器學習來識別釣魚郵件。風險投資者認為,這些初創企業有望成為大型企業。
Tessian的聯合創始人及首席執行官蒂姆?薩德勒表示,為了建立相關模型,他們會先收集分析公司的電子郵件數據,比如員工用于聯系客戶的常用郵箱地址。然后,他們會使用這些數據來訓練機器學習模型,該模型能夠在員工點開新的電子郵件前事先掃描它們并標記出可疑郵件。
機器學習系統還會闡述懷疑原因,例如電子郵件中附有一條陌生網絡鏈接或員工姓名拼寫錯誤。Tessian的聯合創始人及首席技術官埃德?畢曉普解釋說,如果員工們通常叫經理Cliff,但某封電子郵件稱其為Clifton, 那么Tessian的技術可能就會識別出這種異常。
薩德勒承認,“機器學習系統仍然存在許多缺陷”,有時候該公司的人工智能會將合法郵件錯誤標記為欺詐郵件。但他表示,Tessian一直在努力避免該軟件錯誤標記真實郵件的次數過多。
薩德勒說,總部位于倫敦的Tessian計劃將一部分最新融資用于招聘,爭取將員工人數從170人增加到220人,再到今年年底的250人。該公司還計劃改進其技術,擴大識別范圍到其它通信服務領域(比如短信或辦公聊天軟件)的網絡釣魚攻擊。
試圖打擊網絡釣魚的公司所面臨的一大挑戰是,隨著自然語言處理技術的發展,釣魚郵件越來越像真實郵件了。自然語言處理是人工智能的一個子領域,是指機器理解并解釋人類寫作、說話方式的能力。畢曉普表示,隨著優秀的語言模型的進步,例如由人工智能公司OpenAI訓練與開發的GPT-3模型(Generative Pretrained Transformer-3,第三代生成式預訓練轉換器——譯注),犯罪分子打造針對特定收件人的個性化釣魚郵件時的難度會變得更低。比如,這樣的電子郵件可能會包含人工智能生成的信息,其寫作風格類似于員工老板,導致辨別真假的難度更高。
因此,Tessian以及其它公司都在盡力改進他們的人工智能,以識別出由更先進的人工智能支撐的網絡釣魚攻擊,這種攻擊有朝一日可能會“像垃圾郵件一樣普遍”,畢曉普說。(財富中文網)
譯者:Claire
Many cybersecurity companies say artificial intelligence could better combat a popular hacking tactic known as phishing.
One such firm, Tessian, said on May 25 that it has raised another $65 million in funding that values it at $500 million. March Capital was the lead investor, while other participants included Accel, Balderton Capital, Latitude Venture Partners, Sequoia Capital, and Schroder Adveq. Since its founding 8 years ago, Tessian has raised a total of $137 million.
In a phishing attack, criminals dupe unwitting workers into clicking on malicious links in emails that appear to come from legitimate sources. Some of the most common phishing attacks involve hackers sending bogus emails resembling messages from banks or colleagues.
Phishing attacks have become particularly prevalent during the COVID-19 pandemic, with scammers sending people phony messages claiming to be from the Centers for Disease Control and Prevention and other organizations involved with national coronavirus response.
Several cyber security startups like IronScales and Vade Secure are using machine learning to spot phishing emails. Venture capitalists are betting that these startups will eventually become big businesses.
Tessian co-founder and CEO Tim Sadler said that his startup analyzes a company’s corporate emails to discover patterns, such as common email addresses that people correspond with, which could indicate that they are messages to customers, for instance. The company then uses this data to train a machine-learning model, which can scan emails and flag those that are suspicious before employees click on them.
The machine learning system also displays the reasons why it suspects an email is fraudulent, such as it featuring a strange web link or misspellings of employee names. If a manager is known to workers as Cliff, but the email refers to the boss as Clifton, Tessian’s technology may spot the discrepancy, explained Tessian co-founder and chief technology officer Ed Bishop.
Sadler acknowledged that “a machine learning system is never going to be perfect,” and sometimes the startup’s A.I. can incorrectly flag legitimate emails as bogus. But, he said Tessian has been working on preventing the software from over flagging genuine emails.
Tessian, based in London, plans to go on a hiring spree with its latest financing, boosting its headcount from 170 employees to 220 to 250 by the end of the year, Sadler said. The startup also plans to improve its technology so that it can be used to spot phishing attacks on other kinds of communications services, like text messaging or work-chat services.
One challenge facing companies trying to combat phishing is the rise of more realistic attacks aided by advances in natural language processing, a subset of A.I. that involves computers creating and understanding text. Bishop said that advances in powerful language models like OpenAI’s GPT-3 system could lead to criminals more easily creating phishing emails that appear to be personalized to particular recipients. For instance, such an email could contain an A.I.-generated message in which the writing style is similar to a worker’s boss, making it harder to spot a fraud.
As a result, Tessian, and other companies, are on a quest to improve their A.I. to detect more advanced A.I.-powered phishing attacks, which could one day be as “prevalent as spam,” Bishop said.