Artemis

From NetSysLab

Defending Against Automated Large-Scale Cyber Intrusions by Focusing on the Vulnerable Population

(This project is a collaboration between NetSysLab and LERSSE)

State-of-the-art defenses against automated mass-scale cyber-attacks are mostly reactive and generally follow a ‘first-detect-then-prevent’ approach. This gives attackers the ability to evade detection by adjusting their tactics in order to circumvent the employed defenses and still reach the end-users.

This project advocates for a proactive approach of identifying the vulnerable users, and employing this information to better protect them by building more robust and efficient system-wide defenses. Specifically, our focus is on investigating novel defenses at the level of the system/infrastructure as well as at the level of individual users in large socio-technical systems.

The goal is to develop techniques to identify the population of users vulnerable to various types of large-scale automated attacks. This knowledge can then be used to improve the robustness and efficiency of system-wide defenses, as well as to uncover ways to influence the behaviour of vulnerable users in order to decrease their susceptibility to large-scale attacks.

Artemis is a continuation of our work on socialbots and cyber threats in online social networks.

Background

Social engineering is one of the key attack vectors faced by large socio-technical systems (e.g., email and online social networks).

Attacks based on social engineering rely on exploiting unsafe decisions by individual users (e.g., providing credentials to a phishing website or downloading malicious software).

Such attacks, which are largely automated, are increasing in frequency, scale, and sophistication.

State of the art

Current defenses against automated social-engineering attacks in socio-technical systems are generally reactive and victim-agnostic. Such defenses identify attack actions (e.g., phishing emails, social-bot infiltrations, malware downloads) based on either structural, contextual, or behavioral attributes of the attack or the attacker.

The reactive and victim-agnostic nature of the current defense paradigm gives attackers the opportunity to evade detection (by adjusting their tactics), circumvent the employed defenses, and still reach the end-users.

People

Publications

Also see publications related to our previous project on social-bots.

Journal/Conference/Workshop Publications

[5] An Early Warning System for Suspicious Accounts, Hassan Halawa, Matei Ripeanu, Konstantin Beznosov, Baris Coskun, Meizhu Liu, 8th ACM Workshop on Artificial Intelligence and Security (AI-Sec), Dallas, TX, November 2017.
[4] Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber Intrusions by Focusing on the Vulnerable Population, Hassan Halawa, Konstantin Beznosov, Yazan Boshmaf, Baris Coskun, Matei Ripeanu and Elizeu Santos-Neto, New Security Paradigms Workshop (NSPW 2016), September 2016, Denver, CO.
[3] Integro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs, Yazan Boshmaf, Dionysios Logothetis, Georgos Siganos, Jorge Lería, Jose Lorenzo, Matei Ripeanu, Konstantin Beznosov, Hassan Halawa, Elsevier Computers and Security Journal, Volume 61, August 2016, pp. 142–168.
[2] Thwarting Fake OSN Accounts by Predicting their Victims, Yazan Boshmaf, Matei Ripeanu, Konstantin Beznosov, Elizeu Santos-Neto, 8th ACM Workshop on Artificial Intelligence and Security (AI-Sec), Denver, CO, November 2015.
[1] Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs, Yazan Boshmaf, Dionysios Logothetis, Georgios Siganos, Jorge Leria, Jose Lorenzo, Matei Ripeanu, Konstantin Beznosov, 2015 Network and Distributed System Security (NDSS) Symposium, February 8-11, 2015, San Diego, CA (acceptance rate: 50/305=16.3%).

Posters

[1] Estimating Vulnerability Scores to Augment Enterprise Security Systems, Hassan Halawa, Matei Ripeanu, Konstantin Beznosov, Alex Loffler, poster, USENIX Security Conference, Vancouver, Canada, August 2017.