Towards an Automated Recognition System for Chat-based Social Engineering Attacks in Enterprise Environments

The increasing use of electronic communication tools (email, IM, Skype, etc.) in enterprise environments has created new attack vectors for social engineers. Billions of people now use electronic equipment in their everyday workflow, which means billions of potential victims of Social Engineering (SE) attacks. Humans are considered the weakest link in the cybersecurity chain, and breaking this defense is nowadays the most accessible route for malicious internal and external users. While several methods of protection have already been proposed and applied, none of them focuses on chat-based SE attacks, and automation in the field is still missing. Social engineering is a complex phenomenon that requires interdisciplinary research combining technology, psychology, and linguistics. Attackers treat human personality traits as vulnerabilities and use language as their weapon to deceive, persuade, and finally manipulate victims as they wish. Hence, a holistic approach is required to build a reliable SE attack recognition system. In this paper we present the current state of the art in SE attack recognition systems, dissect an SE attack to recognize its different stages, forms, and attributes, and isolate the critical enablers that can influence whether an SE attack works. Finally, we present our approach for an automated recognition system for chat-based SE attacks that is based on Personality Recognition, Influence Recognition, Deception Recognition, Speech Act and Chat History.
