Networking and Cybersecurity

SOCIAL ENGINEERING ATTACKS

Detecting and Responding to Phishing

Social engineering attacks such as phishing and impersonating are on the rise, as often an organization's weakest link in security is the human in the loop. According to the 2017 Verizon Data Breach Report, nearly half of all documented breaches involved social engineering attacks. Social engineering attacks often have a digital component, such as use of SMS, email, or social media accounts, or use a combination of channels. As such, within the metadata of each channel are clues that could lead to attack detection and in some case, clues as to who the attacker is. By applying NLU and NLP to the language an attacker uses and combining extracted features from the language with metadata from the channel, we can produce new methods for detection and fingerprint campaigns across multiple attempts. This work is currently being developed under the PIRANHA project (DARPA's ASED program), where, in addition to detection, we are developing automatic methods to respond to phishing attacks and trick attackers into giving up details about themselves.