Linux / amd64
The Spear Phishing Detection pipeline container image contains a compiled Morpheus pipeline that is designed to act as a Postfix SMTP e-mail content filter and mock e-mail generator. This container image is part of the Spear Phishing Detection AI Workflow.
This image can be run in one of two modes: Inference (the pipeline) or Mock E-mail Generator.
Inference
In Inference mode, the pipeline listens for SMTP e-mail from a separate Postfix container, enriches the e-mail with results from intention classification and per-sender sketch history, calculates a phishing-likeliness score, and then returns the mail to Postfix for delivery to the next-hop SMTP server. This is typically started with the following arguments:
python phishing_inference_smtp.py \
  --intent money --intent banking --intent crypto \
  --model_name "$PHISHING_MODEL_NAME" \
  --sender_sketch_db_driver_name postgresql+psycopg2 \
  --sender_sketch_db_host "$PHISHING_SENDER_SKETCH_DB_HOST" \
  --sender_sketch_db_password "$PHISHING_SENDER_SKETCH_DB_PASSWORD" \
  --sender_sketch_db_port "$PHISHING_SENDER_SKETCH_DB_PORT" \
  --sender_sketch_db_username "$PHISHING_SENDER_SKETCH_DB_USERNAME" \
  --sender_sketch_db_database_name "$PHISHING_SENDER_SKETCH_DB_DATABASE_NAME" \
  --smtp_filter_port 10025 \
  --smtp_sub_port 10026 \
  --smtp_sub_host "$PHISHING_SMTP_SUB_HOST" \
  --tracking_uri "$PHISHING_TRACKING_URI" \
  --smtp_source_queue_retry_delay "$PHISHING_SMTP_SOURCE_QUEUE_RETRY_DELAY" \
  --smtp_source_queue_max_retries "$PHISHING_SMTP_SOURCE_QUEUE_MAX_RETRIES" \
  --smtp_source_queue_max_size "$PHISHING_SMTP_SOURCE_QUEUE_MAX_SIZE"
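The Postfix side of this arrangement, as an added example that is not part of the original page or the workflow's own configuration: a standard after-queue content filter setup in which Postfix hands mail to the pipeline on port 10025 and accepts it back on port 10026. The service name phishfilter, the host pipeline.example.internal and the address 192.0.2.10 are placeholders, and reading --smtp_filter_port and --smtp_sub_port as these two hops is an assumption based on the flag names.

```conf
# ---- main.cf (Postfix container) ----
# Send every queued message through the filter transport defined in master.cf.
# pipeline.example.internal is a placeholder for the pipeline container's name.
content_filter = phishfilter:[pipeline.example.internal]:10025

# ---- master.cf (Postfix container) ----
# Outbound hop: a dedicated SMTP client that delivers mail to the pipeline.
# XFORWARD passes the original client information along with the message.
# service     type  private unpriv  chroot  wakeup  maxproc command
phishfilter   unix  -       -       n       -       10      smtp
    -o smtp_send_xforward_command=yes
    -o disable_mime_output_conversion=yes

# Return hop: the listener the pipeline submits scored mail to.
# content_filter is cleared here so returned mail is not filtered again.
# Only the pipeline's address (placeholder 192.0.2.10) may connect and relay.
10026         inet  n       -       n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_relay_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=192.0.2.10/32
    -o smtpd_authorized_xforward_hosts=192.0.2.10/32
```

Clearing content_filter on the 10026 listener prevents a filtering loop, and restricting mynetworks to the pipeline's address keeps other clients from using that listener to inject mail that bypasses the filter.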
Mock E-mail Generator
The mock e-mail generator mode will read from a provided CSV file of e-mails (body,arrival_time,sender,intents,label,source,extra_info,subject,gen_ai_subject). The generator is controlled using environment variables:
python ./scripts/gen_emails.py