Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses
As the convergence between our physical and digital worlds continues at a rapid pace, securing our digital information is vital to our prosperity. Most current typical computer systems are unwittingly helpful to attackers through their predictable responses. In everyday security, deception plays a prominent role in our lives and digital security is no different. The use of deception has been a cornerstone technique in many successful computer breaches. Phishing, social engineering, and drive-by-downloads are some prime examples. The work in this dissertation is structured to enhance the security of computer systems by using means of deception and deceit.
Detecting and characterizing lateral phishing at scale
We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefiting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks.
Automated Crowdturfing Attacks and Defenses in Online Review Systems
Malicious crowdsourcing forums are gaining traction as sources of spreading
misinformation online, but are limited by the costs of hiring and managing
human workers. In this paper, we identify a new class of attacks that leverage
deep learning language models (Recurrent Neural Networks or RNNs) to automate
the generation of fake online reviews for products and services. Not only are
these attacks cheap and therefore more scalable, but they can control rate of
content output to eliminate the signature burstiness that makes crowdsourced
campaigns easy to detect.
Using Yelp reviews as an example platform, we show how a two phased review
generation and customization attack can produce reviews that are
indistinguishable by state-of-the-art statistical detectors. We conduct a
survey-based user study to show these reviews not only evade human detection,
but also score high on "usefulness" metrics by users. Finally, we develop novel
automated defenses against these attacks, by leveraging the lossy
transformation introduced by the RNN training and generation cycle. We consider
countermeasures against our mechanisms, show that they produce unattractive
cost-benefit tradeoffs for attackers, and that they can be further curtailed by
simple constraints imposed by online service providers.
Automating Cyberdeception Evaluation with Deep Learning
A machine learning-based methodology is proposed and implemented for conducting evaluations of cyberdeceptive defenses with minimal human involvement. This avoids impediments associated with deceptive research on humans, maximizing the efficacy of automated evaluation before human subjects research must be undertaken. Leveraging recent advances in deep learning, the approach synthesizes realistic, interactive, and adaptive traffic for consumption by target web services. A case study applies the approach to evaluate an intrusion detection system equipped with application-layer embedded deceptive responses to attacks. Results demonstrate that synthesizing adaptive web traffic laced with evasive attacks powered by ensemble learning, online adaptive metric learning, and novel class detection to simulate skillful adversaries constitutes a challenging and aggressive test of cyberdeceptive defenses.
A STUDY OF SOCIAL ENGINEERING CONCEPTS WITHIN A DECEPTIVE DEFENSE
Organizations fall victim to costly attacks every year. This has created a need for more successful layers of defense. To aid in this need for additional defense, this study researches a way to bolster an underused defense style called deceptive defense. Researchers agree that deceptive defense could be the future of cybersecurity, and they call for more research in the deceptive category. The unresolved question from these researchers is what attack style could be used with a deception-based defense against an attacker. From this unresolved question, it was also determined that social engineering should be used in this culminating experience project as the attack style in question. This led to the question: “How can cyber defensive deception borrow concepts from social engineering to aid in bolstering a deception-based defense?” This project focused on researching concepts from both deceptive defense and social engineering, and applying concepts from a popular attack style to a less popular defense style. This was done through a path of research into techniques, influence concepts, and two popular frameworks. It takes a 4-phased approach: researching deceptive defense techniques, researching social engineering concepts, researching two popular frameworks, and then applying one to the other. The findings are that: (1) there are similar concepts from both attack and defense styles; (2) there are techniques with similar applications but applied to the opposite parties (attackers or defenders); and (3) it was possible to pull concepts from the social engineering framework to plan a deception-based defense. Further research would be desirable in an applied approach of how an attacker reacts to each persuasion principle. More research would also be recommended in the honeypot technique as an alerting and profiling technique.