Semantic analysis of dialogs to detect social engineering attacks

Bhakta, Ram; Harris, Ian G.

doi:10.1109/icosc.2015.7050843

Cited by 22 publications

(13 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Different personal capabilities of understanding the types of malicious intent of social engineering attacks creates another big challenge in awareness programs [55]. In the past, the approaches of social engineering techniques were more straightforward than they are today.…”

Section: Economicalmentioning

confidence: 99%

Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

Aldawood

Skinner

2019

Future Internet

View full text Add to dashboard Cite

The idea and perception of good cyber security protection remains at the forefront of many organizations' information and communication technology strategy and investment. However, delving deeper into the details of its implementation reveals that organizations' human capital cyber security knowledge bases are very low. In particular, the lack of social engineering awareness is a concern in the context of human cyber security risks. This study highlights pitfalls and ongoing issues that organizations encounter in the process of developing the human knowledge to protect from social engineering attacks. A detailed literature review is provided to support these arguments with analysis of contemporary approaches. The findings show that despite state-of-the-art cyber security preparations and trained personnel, hackers are still successful in their malicious acts of stealing sensitive information that is crucial to organizations. The factors influencing users' proficiency in threat detection and mitigation have been identified as business environmental, social, political, constitutional, organizational, economical, and personal. Challenges with respect to both traditional and modern tools have been analyzed to suggest the need for profiling at-risk employees (including new hires) and developing training programs at each level of the hierarchy to ensure that the hackers do not succeed.

show abstract

Section: Economicalmentioning

confidence: 99%

Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

Aldawood

Skinner

2019

Future Internet

View full text Add to dashboard Cite

show abstract

“…Targeted responses employ self-disclosure as a strategic approach for building an engaging conversation (Ravichander and Black 2018). For SE detection, topic models (Bhakta and Harris 2015) and NLP of conversations (Sawa et al 2016) are leveraged. However, all of these approaches are limited to a pre-defined set of topics, constrained by the training corpus.…”

Section: Related Workmentioning

confidence: 99%

Detecting Asks in Social Engineering Attacks: Impact of Linguistic and Structural Knowledge

Dorr

Bhatia

Dalton

et al. 2020

AAAI

View full text Add to dashboard Cite

Social engineers attempt to manipulate users into undertaking actions such as downloading malware by clicking links or providing access to money or sensitive information. Natural language processing, computational sociolinguistics, and media-specific structural clues provide a means for detecting both the ask (e.g., buy gift card) and the risk/reward implied by the ask, which we call framing (e.g., lose your job, get a raise). We apply linguistic resources such as Lexical Conceptual Structure to tackle ask detection and also leverage structural clues such as links and their proximity to identified asks to improve confidence in our results. Our experiments indicate that the performance of ask detection, framing detection, and identification of the top ask is improved by linguistically motivated classes coupled with structural clues such as links. Our approach is implemented in a system that informs users about social engineering risk situations.

show abstract

“…The proposed and revised SEADMv2 extends the previous model. Bhakta et al [4] argue that the most effective SE attacks involve a dialog between the attacker and the victim. Their approach uses a predefined Topic Blacklist (TBL) against which dialog sentences are checked.…”

Section: Related Workmentioning

confidence: 99%

Towards an Automated Recognition System for Chat-based Social Engineering Attacks in Enterprise Environments

Tsinganos

Sakellariou

Fouliras

et al. 2018

Proceedings of the 13th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Increase in usage of electronic communication tools (email, IM, Skype, etc.) in enterprise environments has created new attack vectors for social engineers. Billions of people are now using electronic equipment in their everyday workflow which means billions of potential victims of Social Engineering (SE) attacks. Human is considered the weakest link in cybersecurity chain and breaking this defense is nowadays the most accessible route for malicious internal and external users. While several methods of protection have already been proposed and applied, none of these focuses on chat-based SE attacks while at the same time automation in the field is still missing. Social engineering is a complex phenomenon that requires interdisciplinary research combining technology, psychology, and linguistics. Attackers treat human personality traits as vulnerabilities and use the language as their weapon to deceive, persuade and finally manipulate the victims as they wish. Hence, a holistic approach is required to build a reliable SE attack recognition system. In this paper we present the current state-of-the-art on SE attack recognition systems, we dissect a SE attack to recognize the different stages, forms, and attributes and isolate the critical enablers that can influence a SE attack to work. Finally, we present our approach for an automated recognition system for chatbased SE attacks that is based on Personality Recognition, Influence Recognition, Deception Recognition, Speech Act and Chat History. CCS CONCEPTS • Security and privacy → Phishing; • Computing methodologies → Supervised learning;

show abstract

Semantic analysis of dialogs to detect social engineering attacks

Cited by 22 publications

References 9 publications

Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

Detecting Asks in Social Engineering Attacks: Impact of Linguistic and Structural Knowledge

Towards an Automated Recognition System for Chat-based Social Engineering Attacks in Enterprise Environments

Contact Info

Product

Resources

About