Report
Draining the Water Hole: Mitigating Social Engineering Attacks with CyberTWEAK
| العنوان: | Draining the Water Hole: Mitigating Social Engineering Attacks with CyberTWEAK |
|---|---|
| المؤلفون: | Shi, Zheyuan Ryan, Schlenker, Aaron, Hay, Brian, Bittleston, Daniel, Gao, Siyu, Peterson, Emily, Trezza, John, Fang, Fei |
| سنة النشر: | 2019 |
| المجموعة: | Computer Science |
| مصطلحات موضوعية: | Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Computer Science and Game Theory, Computer Science - Social and Information Networks |
| الوصف: | Cyber adversaries have increasingly leveraged social engineering attacks to breach large organizations and threaten the well-being of today's online users. One clever technique, the "watering hole" attack, compromises a legitimate website to execute drive-by download attacks by redirecting users to another malicious domain. We introduce a game-theoretic model that captures the salient aspects for an organization protecting itself from a watering hole attack by altering the environment information in web traffic so as to deceive the attackers. Our main contributions are (1) a novel Social Engineering Deception (SED) game model that features a continuous action set for the attacker, (2) an in-depth analysis of the SED model to identify computationally feasible real-world cases, and (3) the CyberTWEAK algorithm which solves for the optimal protection policy. To illustrate the potential use of our framework, we built a browser extension based on our algorithms which is now publicly available online. The CyberTWEAK extension will be vital to the continued development and deployment of countermeasures for social engineering. Comment: IAAI-20, AICS-2020 Workshop |
| نوع الوثيقة: | Working Paper |
| URL الوصول: | http://arxiv.org/abs/1901.00586 |
| رقم الانضمام: | edsarx.1901.00586 |
| قاعدة البيانات: | arXiv |
| الوصف غير متاح. |