Detection of Social Engineering Attacks Through Natural Language Processing of Conversations

As computer security approaches improve, social engineering attacks have become more prevalent because they exploit human vulnerabilities which are hard to automatically protect. We present an approach to detecting a social engineering attack which applies natural language processing techniques to identify suspicious comments made by an attacker. Social engineering attacks involve either questions which request private information, or commands which request the listener to perform tasks which the speaker is not authorized to perform. Our approach uses natural language processing techniques to detect questions and commands, and extract their likely topics. Each extracted topic is compared against a topic blacklist to determine if the question or command is malicious. Our approach is generally applicable to many attack vectors since it relies only on the dialog text. We have applied our approach to analyze the transcripts of several attack dialogs and we have achieved high detection accuracy and low false positive rates in our experiments.
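The pipeline the abstract describes (detect questions and commands, extract their topics, compare each topic against a blacklist), as an added example that is not the authors' code. Small keyword lexicons stand in for the natural language processing, and the blacklists, word lists and transcript are constructed assumptions.

```python
import re

# Constructed topic blacklists (assumptions, not taken from the paper).
PRIVATE_INFO = {"password", "pin", "ssn", "passcode"}            # question topics
FORBIDDEN_TASKS = {("disable", "firewall"), ("install", "software"),
                   ("reset", "password"), ("send", "password")}  # command topics
QUESTION_WORDS = {"what", "which", "who", "where", "when", "how", "do", "does",
                  "is", "are", "can", "could", "would", "will"}
COMMAND_VERBS = {verb for verb, _ in FORBIDDEN_TASKS} | {"open", "check", "read"}
STOPWORDS = {"the", "a", "an", "my", "your", "this", "that", "me", "us", "for",
             "please", "just", "to", "on", "of", "it"}

def classify(sentence):
    """Return (kind, tokens); kind is 'question', 'command' or 'statement'."""
    words = re.findall(r"[a-z']+", sentence.lower())
    # Indirect requests ("could you please reset ...") are commands in question form.
    if len(words) > 2 and words[0] in {"can", "could", "would", "will"} and words[1] == "you":
        words = words[2:]
    while words and words[0] in {"please", "just", "now"}:
        words = words[1:]
    if words and words[0] in COMMAND_VERBS:
        return "command", words
    if words and (sentence.strip().endswith("?") or words[0] in QUESTION_WORDS):
        return "question", words
    return "statement", words

def suspicious_topics(sentence):
    """Return the blacklisted topics found in one sentence (empty list if benign)."""
    kind, words = classify(sentence)
    if kind == "command":
        # Topic of a command: its verb plus the first content word after it.
        obj = next((w for w in words[1:] if w not in STOPWORDS), None)
        return [(words[0], obj)] if (words[0], obj) in FORBIDDEN_TASKS else []
    if kind == "question":
        return sorted(w for w in words if w in PRIVATE_INFO)
    return []

def scan_dialog(text):
    """Split a transcript into sentences; return (sentence, topics) for each hit."""
    sentences = re.split(r"(?<=[.?!])\s+", text.strip())
    return [(s, t) for s in sentences if (t := suspicious_topics(s))]

# Constructed transcript for illustration.
DIALOG = ("Hi, this is Sam from the help desk. What is your password? "
          "Could you please disable the firewall? I forgot my password yesterday. "
          "How is the weather today?")
if __name__ == "__main__":
    for sentence, topics in scan_dialog(DIALOG):
        print(topics, "<-", sentence)
```

Only questions and commands are checked, so the statement that merely mentions a password is not flagged.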
