Optimizing Personalized Email Filtering Thresholds to Mitigate Sequential Spear Phishing Attacks

Highly targeted spear phishing attacks are increasingly common and have been implicated in many major security breaches. Email filtering systems are the first line of defense against such attacks. These filters are typically configured with uniform thresholds for deciding whether or not a message is delivered to a user. However, users differ greatly in both their susceptibility to phishing attacks and their access to critical information and credentials whose compromise can cause damage. Recent work has considered setting personalized thresholds for individual users based on a Stackelberg game model. We consider two important extensions of the previous model. First, in our model user values can be substitutable, modeling cases where multiple users provide access to the same information or credential. Second, we consider attackers who make sequential attack plans based on the outcome of previous attacks. Our analysis starts from scenarios where there is only one credential and then extends to more general scenarios with multiple credentials. For single-credential scenarios, we demonstrate that the optimal defense strategy can be found by solving a binary combinatorial optimization problem called PEDS. For multiple-credential scenarios, we formulate the search for the optimal defense strategy as a bilevel optimization problem and then reduce it to a single-level optimization problem called PEMS using complementary slackness conditions. Experimental results show that both PEDS and PEMS lead to significantly higher defender utilities than two existing benchmarks across different parameter settings. Both PEDS and PEMS are also more robust than the existing benchmarks under parameter uncertainty.
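As an added illustration (not the paper's PEDS or PEMS formulation), the following toy model assumes three users who all grant access to one substitutable credential, a defender committing to one of three constructed filter settings per user, and an attacker who plans sequentially, choosing the next target or stopping only after the previous attempt fails; every parameter value below is constructed.

```python
from functools import lru_cache
from itertools import product

# Constructed toy instance (assumed values, not parameters from the paper).
# Per user, candidate filter settings as (pass_prob, fp_cost):
#   pass_prob: chance a spear-phishing mail is delivered and the user acts on it
#   fp_cost:   cost of legitimate mail held back at that setting (stricter = costlier)
USERS = {
    "alice": [(0.60, 0.0), (0.30, 1.0), (0.10, 3.0)],
    "bob":   [(0.50, 0.0), (0.20, 1.5), (0.05, 4.0)],
    "carol": [(0.40, 0.0), (0.25, 0.5), (0.15, 2.0)],
}
CREDENTIAL_VALUE = 20.0  # worth of the single shared credential to either side (assumed zero-sum)
ATTACK_COST = 1.0        # attacker's cost per phishing email sent


def attack_plan(pass_probs):
    """Attacker best response to committed thresholds (Stackelberg follower):
    attack users one at a time, picking the next target, or stopping, only after
    the previous attempt failed. Returns (attacker_value, success_prob, order)."""
    @lru_cache(None)
    def solve(remaining):
        best = (0.0, 0.0, ())  # stop now: no further cost, no further success
        for u in remaining:
            p = pass_probs[u]
            rest_val, rest_p, rest_order = solve(tuple(x for x in remaining if x != u))
            val = -ATTACK_COST + p * CREDENTIAL_VALUE + (1 - p) * rest_val
            if val > best[0] + 1e-12:  # exact ties resolve to stopping
                best = (val, p + (1 - p) * rest_p, (u,) + rest_order)
        return best
    return solve(tuple(sorted(pass_probs)))


def defender_utility(choice):
    """choice maps user -> index into USERS[user]; every user grants the same credential."""
    pass_probs = {u: USERS[u][i][0] for u, i in choice.items()}
    fp_total = sum(USERS[u][i][1] for u, i in choice.items())
    _, p_success, _ = attack_plan(pass_probs)
    return -CREDENTIAL_VALUE * p_success - fp_total


def optimize_thresholds():
    """Exhaustive search over per-user settings (the combinatorial choice that
    PEDS-style solvers address); fine for a few users, exponential in general."""
    names = list(USERS)
    best_choice, best_util = None, float("-inf")
    for idxs in product(*(range(len(USERS[u])) for u in names)):
        choice = dict(zip(names, idxs))
        util = defender_utility(choice)
        if util > best_util:
            best_choice, best_util = choice, util
    return best_choice, best_util
```

Comparing `optimize_thresholds()` against the three uniform assignments shows why a per-user setting can dominate: the attacker's sequential plan concentrates attempts on whichever user the filter leaves most exposed.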
