Sosyal Mühendislik Saldırılarının Modellemesi GAN Tabanlı E-Posta Üretimi ve Tespiti

Year 2025, Volume: 1 Issue: 1, 10 - 21, 30.06.2025

Kubilay Atalay

Abstract

Bu çalışma, phishing (oltalama) e-postalarının gerçekçiliğini artırmak ve savunma mekanizmalarını test etmek amacıyla, Generative Adversarial Network (GAN) tabanlı bir simülasyon yaklaşımı sunmaktadır. LSTM tabanlı bir generator ve BERT tabanlı bir discriminator kullanılarak, insan benzeri phishing e-postaları üretilmiş ve bu içeriklerin tespit araçları ve insan gözlemciler tarafından ayırt edilme başarısı analiz edilmiştir. 1000 dengeli e-posta içeren veri seti ile eğitilen model, %95'in üzerinde doğruluk oranıyla gerçek ve sahte içerikleri ayırt edebilmiştir. Sonuçlar, GAN mimarisinin sosyal mühendislik saldırılarını anlamada ve siber savunma sistemlerini test etmede güçlü bir araç olabileceğini göstermektedir.

Keywords

Phishing, Generative Adversarial Networks (GAN), LSTM, Sosyal Mühendislik

Modeling of Social Engineering Attacks GAN Based Email Generation and Detection

Abstract

This study presents a simulation approach based on Generative Adversarial Network (GAN) to increase the realism of phishing emails and test their defense mechanisms. Human-like phishing emails were generated using an LSTM-based generator and a BERT-based discriminator, and the success of distinguishing these contents by detection tools and human observers was analyzed. The model, trained on a dataset of 1000 balanced emails, was able to distinguish real and fake content with over 95% accuracy. The results show that GAN architecture can be a powerful tool in understanding social engineering attacks and testing cyber defense systems.

Keywords

Phishing, Generative Adversarial Networks (GAN), LSTM, Social Engineering

References

• Abdolrazzagh-Nezhad, M., & Langarib, N. (2021). Phishing Detection Techniques: A Review. Data Science: Journal of Computing and Applied Informatics, 9(1). https://doi.org/10.32734/jocai.v9.i1-19904.
• Aden, I., Child, C. H. T., & Reyes-Aldasoro, C. C. (2024). International Classification of Diseases Prediction from MIMIIC-III Clinical Text Using Pre-Trained ClinicalBERT and NLP Deep Learning Models Achieving State of the Art. Big Data and Cognitive Computing, 8(5), 47. https://doi.org/10.3390/bdcc8050047.
• Albahadili, A.J.S., Akbas, A. & Rahebi, J. Detection of phishing URLs with deep learning based on GAN-CNN-LSTM network and swarm intelligence algorithms. SIViP 18, 4979–4995 (2024). https://doi.org/10.1007/s11760-024-03204-2.
• Boukhris, I., Zaâbi, C. A GAN-BERT based decision making approach in peer review. Soc. Netw. Anal. Min. 14, 107 (2024). https://doi.org/10.1007/s13278-024-01269-y.
• Castaño, F., Fidalgo, E., Alegre, E., Chaves, D., & Sanchez-Paniagua, M. (2021). State of the Art: Content-based and Hybrid Phishing Detection. arXiv preprint arXiv:2101.12723. https://arxiv.org/abs/2101.12723.
• Elberri, M.A., Tokeşer, Ü., Rahebi, J. et al. A cyber defense system against phishing attacks with deep learning game theory and LSTM-CNN with African vulture optimization algorithm (AVOA). Int. J. Inf. Secur. 23, 2583–2606 (2024). https://doi.org/10.1007/s10207-024-00851-x.
• Fang, X., Liu, Y., & Zhang, Y. (2019). THEMIS: A Bi-LSTM Based Phishing Email Detection Model. IEEE Access, 7, 122543-122553. https://doi.org/10.1109/ACCESS.2019.2937580.
• Gan, C.L., Lee, Y.Y. & Liew, T.W. Fishing for phishy messages: predicting phishing susceptibility through the lens of cyber-routine activities theory and heuristic-systematic model. Humanit Soc Sci Commun 11, 1552 (2024). https://doi.org/10.1057/s41599-024-04083-1.
• Gayathri, M. S., Gokul, S., Mohanshyam, N., & Sudharsan, P. (2023). Detection of Phishing Attack Using GAN with RFC. Rivista Italiana di Filosofia Analitica Junior, 14(2). https://rifanalitica.it/index.php/journal/article/view/252.
• Kamran, S. A., Sengupta, S., & Tavakkoli, A. (2021). Semi-supervised Conditional GAN for Simultaneous Generation and Detection of Phishing URLs: A Game Theoretic Perspective. arXiv preprint arXiv:2108.01852. https://arxiv.org/abs/2108.01852.
• Kavya, S., Sumathi, D. Staying ahead of phishers: a review of recent advances and emerging methodologies in phishing detection. Artif Intell Rev 58, 50 (2025). https://doi.org/10.1007/s10462-024-11055-z.
• Kritika, Er. (2024). A comprehensive literature review on phishing URL detection using deep learning techniques. Journal of Cyber Security Technology, 1–29. https://doi.org/10.1080/23742917.2024.2378552.
• Nanda, M., Goel, S. URL based phishing attack detection using BiLSTM-gated highway attention block convolutional neural network. Multimed Tools Appl 83, 69345–69375 (2024). https://doi.org/10.1007/s11042-023-17993-0.
• Pham, T. T. T., Pham, T. D., & Ta, V. C. (2023). Evaluation of GAN-based Models for Phishing URL Classifiers. International Journal of Computer Network and Information Security, 15(2), 1-14. https://doi.org/10.5815/ijcnis.2023.02.01.
• Thapa, S., Shrestha, A., & Li, J. (2023). An Explainable Transformer-based Model for Phishing Email Detection: A Large Language Model Approach. arXiv preprint arXiv:2402.13871. https://arxiv.org/abs/2402.13871.