Content analysis and modeling interactions in social engineering attacks

Date

2022-08

Abstract

Social engineering attacks encompass a wide range of manipulative activities to elicit sensitive information from humans. This type of attack has become one of the preferred methods of attackers because it is easier to manipulate the weakest link in cybersecurity (i.e., humans). It is more convenient to take advantage of humans' tendency to trust than to find technical ways to hack and exploit infrastructures, especially given the advancements in cyber-defense capabilities. Another tool that paves the way for adversarial agents in this type of attack is the growth of social media. The publicly available online data about victims facilitates the first step of such an attack: reconnaissance, which means discovering and collecting information about the victim. Other steps in social engineering attacks include establishing trust, exploiting relationships or abusing victims' vulnerabilities, and conducting the attack. These steps classify social engineering attacks as multi-step attacks, with the attacker's only concession being the need for more time. These characteristics, as well as the low cost and high effectiveness of such attacks, make them more common day by day. Despite the prevalence and importance of social engineering attacks, this line of research is in its infancy.

Modeling and simulation of challenging problems are often the first steps in finding a good solution for them. So, in this study, we modeled a generic social engineering attack and analyzed various aspects of it to gain better insight into and understanding of it. To accomplish such a lofty goal, we proposed a system comprising three entities: an adversarial agent (the attacker), a content analysis framework, and the novice users, with the goal of analyzing each entity. For a generic social engineering attack, we proposed a model based on a Markov Decision Process (MDP). Furthermore, after modeling such a system, we investigated the possibility of finding the best strategy for sending truthful or deceptive messages from the attacker's perspective. On the other hand, we investigated the feasibility of developing a content analysis framework for detecting deceptive messages using Machine Learning and Natural Language Processing (NLP) techniques, as well as the comprehension of novice users when exposed to cybersecurity alert messages. Finally, because emotions play an important role in social engineering attacks, particularly at the stage of abusing the victims' vulnerabilities, we investigated the possibility of detecting emotions from sound events using machine learning models. Such automatic emotion detection can also help generate effective alerts to the users.

Our findings showed that, using the optimal actions given by the MDP, the agent obtained more rewards while avoiding being blocked, and followed an overall better strategy compared to a random policy. In addition, we could predict emotions from sound events using machine learning techniques. Our experiments on emotion prediction showed that it is relatively more challenging to predict induced emotion than perceived emotion. Furthermore, we showed that it is possible to detect misleading textual data using NLP techniques. Using linguistic features, we could detect fake reviews with reasonable accuracy. Finally, we discovered that novice users pay attention mainly to the keywords in cybersecurity alert messages rather than the semantics.


Embargo status: Restricted until 09/2172.

Availability

Restricted from online display.

Keywords

Modeling SE Attacks, Content Analysis
