Building a framework for detecting smishing messages

Date

2023-05

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Imagine receiving a text message that looks innocent enough but is a cleverly disguised attempt to steal your personal information or install malicious software on your device. This is the reality of smishing attacks, a growing threat that affects millions of people across the globe. Smishing attacks can cause significant financial harm to people worldwide who become victims. A global survey conducted by cybersecurity firm Lookout found that 56% of the respondents received either phishing or smishing messages in the past year, and 26% clicked on links. According to the survey, the average financial loss from a smishing attack was $700 [2]. Given the widespread nature of these attacks, individuals must be cautious and take measures to safeguard themselves from such attacks. The framework developed in this project provides the opportunity to develop synthetic attacks, which can be used to improve the detection and prevention of smishing attacks. By simulating a range of AI-generated smishing attacks, the framework enables organizations to develop and test more effective defense mechanisms, improving their ability to detect and prevent these types of attacks. The novel part of this project includes the first open-source/free available auto smishing generator, which researchers can use to develop synthetic smishing attacks, the creation of a smishing dataset and a smishing scoring engine that can be used to improve the effectiveness of artificial smishing attacks or auto-detect potential smishing attacks. This paper provides a detailed overview of the development of the framework, including the challenges faced and the solutions implemented. The potential applications of the framework in various contexts are discussed, and areas for future research are suggested. The code for this project can be found at https://github.com/Ashesi-Org/Smishing-Framework-.git

Description

Applied project submitted to the Department of Computer Science and Information Systems, Ashesi University, in partial fulfillment of Bachelor of Science degree in Computer Science, May 2023

Keywords

cybersecurity, text messages

Citation

DOI