-
Notifications
You must be signed in to change notification settings - Fork 0
/
CA.Abstract.tex
61 lines (46 loc) · 3.19 KB
/
CA.Abstract.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
% --------------------------------
% ABSTRACT (English)
% --------------------------------
\begin{otherlanguage}{english}
\begin{abstract}
\begin{comment}
Guides:
- Max about 100-200 words
- Some other theses have almost entirely covered the available area
- If the abstract text is too full, is that demotivating to the reader?
- Study material states that the abstract text is short, usually just one paragraph?
- What has been studied
- How it has been studied
- What results have been observed
- No references
TODO:
[x] What is the research question
[x] What is social engineering
[x] How does generative AI augment SE attacks and countermeasures
[x] What is analyzed in this thesis
[x] What results have been observed
What to cover:
- What is SE?
- Generative AI
- Attacks
- Deepfake synthetic forgeries, videos, live voice morphing
- Highly personalized phishing content (natural language processing), created with the help of chatbots like ChatGPT
- AI augments both attacks and countermeasures
- Countermeasures
- User-oriented
- User awareness & training programs
- Simulated spear phishing campaigns using a variety of methods such as voice, text, live
- Company policy
- Company culture (erillinen company policies kohdasta)
- Tech oriented
- Detection of spear phishing
- Detection of deepfakes
- Dual-use aspect of AI?
From the student's material:
- "Tiivistelmäteksti on lyhyt, yleensä yhden kappaleen mittainen (maksimissaan noin 100 sanaa) selvitys kirjoituksen tärkeimmästä sisällöstä: mitä on tutkittu, miten on tutkittu ja mitä tuloksia on saatu."
\end{comment}
Social engineering, a subdomain of cybersecurity, is the art and science of manipulating people into divulging confidential information or taking actions that may or may not be in their best interests. Traditionally, social engineering relied heavily on manual labor and human intuition, but with the advent of generative artificial intelligence (AI) technologies such as ChatGPT and deepfakes, cybercriminals are able to craft highly targeted and effective social engineering campaigns with novel, unexpected twists.
The research question this thesis address is how to protect end-users and organizations from social engineering attacks that are enhanced by generative AI technologies. To that end, this thesis explores the evolving landscape of AI in social engineering, focusing on attacks such as spear phishing aided by chatbots like ChatGPT and impersonation with hyper-realistic deepfake-generated forgeries. In contrast, the thesis also covers countermeasures against these attacks and evaluates their effectiveness based on relevant literature. Actualized incidents are briefly examined where appropriate.
The findings show that AI-powered social engineering attacks are more persuasive and effective than traditional methods, while current defenses are increasingly inadequate. This underscores the urgent need for cybersecurity professionals to revise their strategies and tools, with AI potentially contributing to this effort.
\end{abstract}
\end{otherlanguage}