Data Science

NVIDIA Morpheus Helps Defend Against Spear Phishing with Generative AI

Mail icon GIF

Using generative AI and the NVIDIA Morpheus cybersecurity AI framework, developers can build solutions that detect spear phishing attempts more effectively and with extremely short training times. In fact, using NVIDIA Morpheus and a generative AI training technique, we were able to detect 90% of targeted spear phishing emails—a 20% improvement compared to a typical phishing detection solution used today. 

What is spear phishing?

Spear phishing represents one of the largest and most costly cyber threats to organizations. While phishing emails are more generic and designed to scam large numbers of people, spear phishing emails are customized for specific individuals. In a spear phishing attack, an email is tailored to a specific persona, job role, or industry. Because it is so targeted, the email tends to be extremely convincing.

Business email compromise is a spear phishing attack with the objective of tricking employees into taking harmful actions, typically sending money to the attacker. According to the 2021 FBI Internet Crime Report, compromised business email cost U.S. organizations an estimated $2.4 billion in 2021. 

While attackers are already harnessing AI to create more phishing emails and better targeted spear phishing attacks, much more can be done to leverage AI to defend against these attacks. Organizations today typically rely on employee training to better recognize attacks, or write rules to filter out suspicious emails. With NVIDIA Morpheus, developers can use AI to better detect spear phishing emails before they reach a user’s inbox.

Spear phishing, at its core, is a data visibility problem. These emails are difficult to defend against due to the lack of available training data. Because the attacks are highly personalized, an individual organization will not observe the requisite number of emails to train an accurate AI model. 

The types of spear phishing attacks on financial institutions are very different from healthcare. Similarly, a spear phishing email targeting a CFO includes different content than one targeting an engineer. The spear phishing detection use case will be available in a future release of NVIDIA Morpheus.

Video 1. Improve spear phishing detection with generative AI

Best Buy leverages NVIDIA Morpheus and AI to defend against phishing

Organizations are already leveraging AI to defend against phishing and other cyber threats. As a leader in the technology space, Best Buy is using customized machine learning (ML) and NVIDIA Morpheus to better secure their infrastructure and inform their security analysts. 

Best Buy’s ML-based cybersecurity implementation improved their accuracy of detecting phishing emails to 96% while maintaining a false positive rate under 20%.  

Recently, the company has begun deploying the Morpheus digital fingerprinting workflow across their accounts to help detect anomalous behavior within the environment. Best Buy continues to collaborate with NVIDIA to develop new AI-based solutions to cybersecurity challenges faced in a rapidly changing ecosystem.

With the NVIDIA Morpheus AI framework, developers can build cybersecurity solutions to detect threats on a scale previously impossible. With Morpheus, development time is reduced, as it helps shrink the exploration, test, and implementation cycle from months to weeks.

Like other NVIDIA frameworks, Morpheus provides building blocks for creating accelerated AI applications. To further reduce development time, teams can leverage NVIDIA AI workflows. The NVIDIA digital fingerprinting workflow, built with Morpheus, provides a reference to get started developing and deploying a cybersecurity solution that can uniquely fingerprint every user, account, service, and machine across a network and provide intelligent alerts with actionable information.

Diagram showing the components of the NVIDIA digital fingerprinting AI workflow.
Figure 1. Combine NVIDIA Morpheus services with third-party open-source services like Kafka and Prometheus to customize sample Python code and shorten the development cycle

Digital fingerprinting workflow: Improved management and deployment 

The latest release of Morpheus includes enhancements that make the digital fingerprinting workflow easier to deploy and manage. These enhancements are integrated training and feedback, nonlinear pipeline support, and new and improved developer documentation.

One of the reasons the digital fingerprinting workflow is so powerful is that it implements individual models for every single user across an organization. Typically, more traditional user behavior analysis relies on large grain models and pattern- and rule-based analyses. These approaches are fragile to threats that look like common enterprise behavior or activity.

Digital fingerprinting creates unsupervised behavioral-based models at three levels of granularity to detect these complex and subtle antipatterns. With digital fingerprinting, you have models for every individual user across the organization, but also every suborganization (an individual manager and their direct reports, for example), and the entire enterprise—all customized to your business.

When you think about the sheer number of models—25,000 to 30,000 minimum for an organization of about 25,000 employees—and multiple types of logs, you may wonder how your teams will train all of these models. This is where integrated training comes in. 

Integrated training

The integrated training updates for the latest Morpheus release include several new tools, composable primitives, and quality-of-life improvements that are designed to enhance workflow flexibility. Support for control messages enables improved customization and dynamic behavior within a pipeline. This facilitates training and inference pipelines coexisting on the same resources and enables dynamic events, including human interaction with a running pipeline. 

Morpheus modules provide a mechanism for encapsulating reusable function units, which can range from a single stage to an entire workflow. These modules are fully compatible with existing pipelines and are easily integrated into existing and new workflows. 

A prior Morpheus release enabled model drift detection, and the latest spring 2023 release introduces additional composable primitives designed to streamline workflows and improve code reuse. These enable user-defined function programming, like drift detection, which triggers model retraining. 

Pipelines can also be nonlinear in nature, enabling cycles, loops, and more complex branching logic. In addition to inline training, pipelines now also support feedback for both human-in-the-loop and automated modalities. 

This means you can deeply integrate subject matter experts into training and inference loops while also integrating Morpheus pipelines at a lower level with sensors. The latter facilitates a closed loop system where the workflows designed in Morpheus perform more complex and automated actions.

All of these new features are also accompanied by new and improved documentation, including a new developer guide that makes getting started with the Morpheus SDK easier.

Get free short-term access to NVIDIA Morpheus, or try the digital fingerprinting workflow in LaunchPad.

NVIDIA and Deloitte announce AI-based cybersecurity collaboration 

Deloitte and NVIDIA are announcing a collaboration to bring AI-based cybersecurity to customers, powered by NVIDIA Morpheus. This collaboration can help organizations improve effectiveness of advanced attack detections while achieving more than 30% to 50% infrastructure cost savings per year, compared to running AI models on general-purpose compute.

For more information on how NVIDIA and NVIDIA partners are helping to address cybersecurity challenges with AI, tune in to the NVIDIA GTC 2023 live sessions listed below, March 20–23:

Discuss (2)