A Study of Preventing Email (Spear) Phishing by Enabling Human Intelligence

Stembert, Nathalie; Padmos, Arne; Bargh, Mortaza S.; Choenni, Sunil; Jansen, Frans

doi:10.1109/eisic.2015.38

Cited by 30 publications

(24 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Technical prediction systems have been previously proposed in [35] and more recently [36]. The first describes a system which would present users through a series of information security related questions within a web pop-up.…”

Section: Predicting Susceptibility a Related Workmentioning

confidence: 99%

“…In relation to semantic attack threats, the concept is very new. There is one example specifically for phishing attacks [36]. We argue that the concept can be explored much further and for most semantic attacks, where the human user's situational knowledge can help detect attacks that are otherwise largely undetectable by technical security systems.…”

Section: Human As a Security Sensor (Haass)mentioning

confidence: 99%

See 1 more Smart Citation

You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

2016

View full text Add to dashboard Cite

Semantic social engineering attacks are a pervasive threat to computer and communication systems. By employing deception rather than by exploiting technical vulnerabilities, spear-phishing, obfuscated URLs, drive-by downloads, spoofed websites, scareware, and other attacks are able to circumvent traditional technical security controls and target the user directly. Our aim is to explore the feasibility of predicting user susceptibility to deception-based attacks through attributes that can be measured, preferably in real-time and in an automated manner. Toward this goal, we have conducted two experiments, the first on 4333 users recruited on the Internet, allowing us to identify useful high-level features through association rule mining, and the second on a smaller group of 315 users, allowing us to study these features in more detail. In both experiments, participants were presented with attack and non-attack exhibits and were tested in terms of their ability to distinguish between the two. Using the data collected, we have determined practical predictors of users' susceptibility against semantic attacks to produce and evaluate a logistic regression and a random forest prediction model, with the accuracy rates of .68 and .71, respectively. We have observed that security training makes a noticeable difference in a user's ability to detect deception attempts, with one of the most important features being the time since last self-study, while formal security education through lectures appears to be much less useful as a predictor. Other important features were computer literacy, familiarity, and frequency of access to a specific platform. Depending on an organisation's preferences, the models learned can be configured to minimise false positives or false negatives or maximise accuracy, based on a probability threshold. For both models, a threshold choice of 0.55 would keep both false positives and false negatives below 0.2.INDEX TERMS Security, cyber crime, social engineering, semantic attacks. 6910 2169-3536

show abstract

Section: Predicting Susceptibility a Related Workmentioning

confidence: 99%

Section: Human As a Security Sensor (Haass)mentioning

confidence: 99%

You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

2016

View full text Add to dashboard Cite

show abstract

“…The extension of this concept, which positions human computer users as physical sensors of cyber attacks, and in this specific case semantic attacks, is relatively new. Stembert et al [10] have recently proposed combining a reporting function with blocking and warning of suspicious emails and the provision of educative tips, so as to harness the intelligence of expert and novice users in detecting email phishing attacks in a corporate environment. Initial experimental results of their mock-up have been encouraging for the applicability of the human as a security sensor concept in this context.…”

Section: Related Workmentioning

confidence: 99%

An eye for deception: A case study in utilizing the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks

Heartfield

Loukas

Gan

2017

2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA)

View full text Add to dashboard Cite

In a number of information security scenarios, human beings can be better than technical security measures at detecting threats. This is particularly the case when a threat is based on deception of the user rather than exploitation of a specific technical flaw, as is the case of spear-phishing, application spoofing, multimedia masquerading and other semantic social engineering attacks. Here, we put the concept of the humanas-a-security-sensor to the test with a first case study on a small number of participants subjected to different attacks in a controlled laboratory environment and provided with a mechanism to report these attacks if they spot them. A key challenge is to estimate the reliability of each report, which we address with a machine learning approach. For comparison, we evaluate the ability of known technical security countermeasures in detecting the same threats. This initial proof of concept study shows that the concept is viable.

show abstract

“…Yet, rather surprisingly the concept is very new in relation to detecting and reporting threats in cyber space. We are aware of only one very recent example of research geared specifically towards phishing attacks (N. Stembert et al, 2015). Here, we take the first steps towards exploring the applicability of the concept more generally by testing the reliability of human users as sensors of security threats.…”

Section: Introductionmentioning

confidence: 99%

“…Also, complementing previous research on predicting whether a particular attacker will be successful in their attack (A. ; S. ), here we identify features and models for predicting whether a particular user will successfully detect an attack. Stembert et al, (2015) have very recently proposed combining a reporting function with blocking and warning of suspicious emails and the provision of educative tips, so as to harness the intelligence of expert and novice users in detecting email phishing attacks in a corporate environment. Initial experimental results of their mock-up have been encouraging for the applicability of the human as a sensor concept in this context.…”

Section: Introductionmentioning

confidence: 99%

Predicting the performance of users as human sensors of security threats in social media

Heartfield¹,

Loukas²

2016

IJCSA

View full text Add to dashboard Cite

While the human as a sensor concept has been utilised extensively for the detection of threats to safety and security in physical space, especially in emergency response and crime reporting, the concept is largely unexplored in the area of cyber security. Here, we evaluate the potential of utilising users as human sensors for the detection of cyber threats, specifically on social media. For this, we have conducted an online test and accompanying questionnairebased survey, which was taken by 4,457 users. The test included eight realistic social media scenarios (four attack and four non-attack) in the form of screenshots, which the participants were asked to categorise as "likely attack" or "likely not attack". We present the overall performance of human sensors in our experiment for each exhibit, and also apply logistic regression and Random Forest classifiers to evaluate the feasibility of predicting that performance based on different characteristics of the participants. Such prediction would be useful where accuracy of human sensors in detecting and reporting social media security threats is important. We identify features that are good predictors of a human sensor's performance and evaluate them in both a theoretical ideal case and two more realistic cases, the latter corresponding to limited access to a user's characteristics Keyword: -Social media, computer security, semantic attacks, phishing, social engineering, human as a sensor.

show abstract

A Study of Preventing Email (Spear) Phishing by Enabling Human Intelligence

Cited by 30 publications

References 23 publications

You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

An eye for deception: A case study in utilizing the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks

Predicting the performance of users as human sensors of security threats in social media

Contact Info

Product

Resources

About