59 research outputs found
A Modular and Adaptive System for Business Email Compromise Detection
The growing sophistication of Business Email Compromise (BEC) and spear
phishing attacks poses significant challenges to organizations worldwide. The
techniques featured in traditional spam and phishing detection are insufficient
due to the tailored nature of modern BEC attacks as they often blend in with
the regular benign traffic. Recent advances in machine learning, particularly
in Natural Language Understanding (NLU), offer a promising avenue for combating
such attacks but in a practical system, due to limitations such as data
availability, operational costs, verdict explainability requirements or a need
to robustly evolve the system, it is essential to combine multiple approaches
together. We present CAPE, a comprehensive and efficient system for BEC
detection that has been proven in a production environment for a period of over
two years. Rather than being a single model, CAPE is a system that combines
independent ML models and algorithms detecting BEC-related behaviors across
various email modalities such as text, images, metadata and the email's
communication context. This decomposition makes CAPE's verdicts naturally
explainable. In the paper, we describe the design principles and constraints
behind its architecture, as well as the challenges of model design, evaluation
and adapting the system continuously through a Bayesian approach that combines
limited data with domain knowledge. Furthermore, we elaborate on several
specific behavioral detectors, such as those based on Transformer neural
architectures
RAIDER: Reinforcement-aided Spear Phishing Detector
Spear Phishing is a harmful cyber-attack facing business and individuals
worldwide. Considerable research has been conducted recently into the use of
Machine Learning (ML) techniques to detect spear-phishing emails. ML-based
solutions may suffer from zero-day attacks; unseen attacks unaccounted for in
the training data. As new attacks emerge, classifiers trained on older data are
unable to detect these new varieties of attacks resulting in increasingly
inaccurate predictions. Spear Phishing detection also faces scalability
challenges due to the growth of the required features which is proportional to
the number of the senders within a receiver mailbox. This differs from
traditional phishing attacks which typically perform only a binary
classification between phishing and benign emails. Therefore, we devise a
possible solution to these problems, named RAIDER: Reinforcement AIded Spear
Phishing DEtectoR. A reinforcement-learning based feature evaluation system
that can automatically find the optimum features for detecting different types
of attacks. By leveraging a reward and penalty system, RAIDER allows for
autonomous features selection. RAIDER also keeps the number of features to a
minimum by selecting only the significant features to represent phishing emails
and detect spear-phishing attacks. After extensive evaluation of RAIDER over
11,000 emails and across 3 attack scenarios, our results suggest that using
reinforcement learning to automatically identify the significant features could
reduce the dimensions of the required features by 55% in comparison to existing
ML-based systems. It also improves the accuracy of detecting spoofing attacks
by 4% from 90% to 94%. In addition, RAIDER demonstrates reasonable detection
accuracy even against a sophisticated attack named Known Sender in which
spear-phishing emails greatly resemble those of the impersonated sender.Comment: 16 page
A Study of Scams and Frauds using Social Engineering in “The Kathmandu Valley” of Nepal
Social Engineering scams are common in Nepal. Coupled with inability of government to enforce policies over technology giants and large swaths of population that are uneducated, social engineering scams and frauds are a real issue. The purpose of the thesis is to find out the extent and impact of social engineering attacks in “The Kathmandu valley” of Nepal. The Kathmandu valley consists of 3 cities including the capital city of Nepal.
To conduct the research, the newspaper “The Kathmandu Post” from the year 2019 to 2022 was downloaded and searched for keywords “scam” and “fraud”. After which the results were manually examined to separate news reports of social engineering attacks in Nepal and other countries. Also, a survey was conducted by visiting parks in the Kathmandu valley. A total of 149 people were interviewed to collect data by asking 21 questions regarding social engineering attack faced by the interviewee. Further, literature review of the research papers published related to social engineering and phishing was conducted.
The main finding of the thesis was that public awareness program are effective reducing the extent and impact of social engineering attacks in Nepal. The survey suggests large percentage of population have become victims of social engineering attack attempts. More than 70 percent have received messages on WhatsApp regarding fake lottery wins
- …