OFFENSIVE AI: UNIFICATION OF EMAIL GENERATION THROUGH GPT-2 MODEL WITH A GAME-THEORETIC APPROACH FOR SPEAR-PHISHING ATTACKS

A rising digital economy implies more cybersecurity challenges. As organisations continue with their digital transformations, they need to implement pervasive cyber defense measures to comply with the corresponding severe security threats. The number of organisations and individuals falling victim to targeted attacks such as spear-phishing attacks is growing rapidly. Regardless of substantial exploration in mitigation systems, attackers today are becoming more sophisticated as they cultivate their techniques, employing advanced natural language (NL) capabilities to deceive email security systems. Game theory approaches based on cybersecurity are mostly concentrated on proposing defence algorithms against attacks. This work is comprehensively centred on the role of the attacker in spear-phishing attacks, using OpenAI text generating model Generative Pre-trained Transformer 2 (GPT-2) to generate emails with various malicious content. Attackers use those emails to attack a target and attempt to deceive the defence system. Considering the lack of theoretic analysis from the attacker's perspective, a non-cooperative zero-sum spear-phishing game model is proposed that allows an attacker to choose an optimal strategy for maximising payoff. Moreover, we calculated the Nash equilibrium (NE) in mixed strategies for the attacker-defender game and provided a reasonable scheme for an attacker to gain an advantage over the target.