Manipulation of perceived politeness in a web-based email discourse through a malicious browser extension

Sharevski, Filipo; Treebridge, Paige; Westbrook, Jessica

doi:10.1145/3368860.3368863

Cited by 6 publications

(5 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bullee et al (2017) find that participants from countries with a higher Power Distance Index (PDI), which means that individuals are more likely to comply with hierarchy, are more vulnerable to phishing than those individuals from countries with a lower PDI. Sharevski et al (2019) show how to leverage cultural factors to tailor message appeal.…”

Section: Culturementioning

confidence: 99%

Human Cognition Through the Lens of Social Engineering Cyberattacks

Montañez

Golob

2020

Front. Psychol.

View full text Add to dashboard Cite

Social engineering cyberattacks are a major threat because they often prelude sophisticated and devastating cyberattacks. Social engineering cyberattacks are a kind of psychological attack that exploits weaknesses in human cognitive functions. Adequate defense against social engineering cyberattacks requires a deeper understanding of what aspects of human cognition are exploited by these cyberattacks, why humans are susceptible to these cyberattacks, and how we can minimize or at least mitigate their damage. These questions have received some amount of attention, but the state-of-the-art understanding is superficial and scattered in the literature. In this paper, we review human cognition through the lens of social engineering cyberattacks. Then, we propose an extended framework of human cognitive functions to accommodate social engineering cyberattacks. We cast existing studies on various aspects of social engineering cyberattacks into the extended framework, while drawing a number of insights that represent the current understanding and shed light on future research directions. The extended framework might inspire future research endeavor toward a new sub-field that can be called Cybersecurity Cognitive Psychology , which tailors or adapts principles of Cognitive Psychology to the cybersecurity domain while embracing new notions and concepts that are unique to the cybersecurity domain.

show abstract

Section: Culturementioning

confidence: 99%

Human Cognition Through the Lens of Social Engineering Cyberattacks

Montañez

Golob

2020

Front. Psychol.

View full text Add to dashboard Cite

show abstract

“…The first is research on adversarial machine learning, which is a study of how adversaries can gain an advantage over a deployed machine learning model by figuring out how the model works and changing the model's decision boundary, or its inputs until it mis-classifies the input [35]. The second body of research is on ambient tactical deception or ATD [69], which is a linguistics manipulation attack targeting the textual content of a web page, social media post, or an email with the goal to deceive a target user.…”

Section: Trollhunter-evader: Evading Automated Trolling Detection 41 ...mentioning

confidence: 99%

“…The malware is packaged as a browser extension, an email client "add-in" (e.g. Outlook), or an entirely new application [69]. Developing extensions, add-ins and apps is free and a benign software can pass all the security checks before publishing [53].…”

Section: Adversarial Machine Learningmentioning

confidence: 99%

“…4.6.2 Two Birds with One Scone. When combined with ambient tactical deception, for example by changing text to seem less polite to give the target a negative outlook on how they are perceived [69], the adversary simply needs to pick words that they would like to have be censored from the text to which they expose their target. Combining these two attacks would mean that, in addition to increasing the difficulty for detecting this content using automated means, the text could be easily re-purposed, reducing the need for expensive human resources to perform an disinformation campaign.…”

Section: Trollhunter-evader: Implicationsmentioning

confidence: 99%

“…One of these methods is the use of an adversarial machine learning technique called "Test Time Evasion (TTE)" where adversaries can gain an advantage over a deployed machine learning model for trolling detection by figuring out how the model works and changing the input sample to cause the model to misclassify a trolling tweet as a "non-trolling" [35]. Employing a variant of TTE in combination with the linguistic manipulation technique known as Ambient Tactical Deception (ATD) [69], we developed and tested an automated tool called TrollHunter-Evader to evade trolling detection. The TrollHunter-Evader was able to reduce the TrollHunter's performance of accurately detecting trolling tweets by 40%.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

TrollHunter [Evader]: Automated Detection [Evasion] of Twitter Trolls During the COVID-19 Pandemic

Jachim¹,

Sharevski²,

Treebridge³

2020

Preprint

Self Cite

View full text Add to dashboard Cite

This paper presents TrollHunter, an automated reasoning mechanism we used to hunt for trolls on Twitter during the COVID-19 pandemic in 2020. Trolls, poised to disrupt the online discourse and spread disinformation, quickly seized the absence of a credible response to COVID-19 and created a COVID-19 infodemic by promulgating dubious content on Twitter. To counter the COVID-19 infodemic, the TrollHunter leverages a unique linguistic analysis of a multi-dimensional set of Twitter content features to detect whether or not a tweet was meant to troll. TrollHunter achieved 98.5% accuracy, 75.4% precision and 69.8% recall over a dataset of 1.3 million tweets. Without a final resolution of the pandemic in sight, it is unlikely that the trolls will go away, although they might be forced to evade automated hunting. To explore the plausibility of this strategy, we developed and tested an adversarial machine learning mechanism called TrollHunter-Evader. TrollHunter-Evader employs a Test Time Evasion (TTE) approach in a combination with a Markov chain-based mechanism to recycle originally trolling tweets. The recycled tweets were able to achieve a remarkable 40% decrease in the TrollHunter's ability to correctly identify trolling tweets. Because the COVID-19 infodemic could have a harmful impact on the COVID-19 pandemic, we provide an elaborate discussion about the implications of employing adversarial machine learning to evade Twitter troll hunts. CCS CONCEPTS• Security and privacy → Social network security and privacy; Malware and its mitigation; • Computing methodologies → Dynamic programming for Markov decision processes;

show abstract