Artemis

From NetSysLab

Defending Against Automated Large-Scale Cyber Intrusions by Focusing on the Vulnerable Population

(This project is a collaboration between NetSysLab, LERSSE, and our industry partners. This project is a continuation of our work on socialbots and cyber threats in online social networks)

Overview

State-of-the-art defenses against automated mass-scale cyber-attacks are mostly reactive and generally follow a ‘first-detect-then-prevent’ approach. This gives attackers the ability to evade detection by adjusting their tactics in order to circumvent the employed defenses and still reach the end-users.

This project advocates for a proactive approach of identifying the vulnerable users, and employing this information to better protect them by building more robust and efficient system-wide defenses. Specifically, our focus is on investigating novel defenses at the level of the system/infrastructure as well as at the level of individual users in large socio-technical systems.

The goal is to develop techniques to identify the population of users vulnerable to various types of large-scale automated attacks, and then to use this knowledge to improve the robustness and efficiency of system-wide defenses, as well as to uncover ways to influence the behaviour of vulnerable users in order to decrease their susceptibility to large-scale attacks.

A position paper outlines how our proposed paradigm, focusing on the vulnerable population, can enable mechanisms at different defense layers in three different domains (phishing of user credentials, malware infections, and socialbot infiltration) to better protect the platform and its users. For each of those domains we discuss where conventional defense mechanisms fail, how the vulnerable users can be identified, and how information about vulnerable users can help build more resilient defense systems. Furthermore, we discuss topics related to the feasibility of identifying the vulnerable population, factors influencing its accuracy, and various potential issues related to adopting our new paradigm.

Background

Social engineering is one of the key attack vectors faced by large socio-technical systems (e.g., email and online social networks). Attacks based on social engineering rely on exploiting unsafe decisions by individual users (e.g., providing credentials to a phishing website or downloading malicious software). Such attacks, which are largely automated, are increasing in frequency, scale, and sophistication.

State of the art

Current defenses against automated social-engineering attacks in socio-technical systems are generally reactive and victim-agnostic. Such defenses identify attack actions (e.g., phishing emails, social-bot infiltrations, malware downloads) based on structural, contextual, or behavioral attributes of the attack or the attacker.

The reactive and victim-agnostic nature of the current defense paradigm gives attackers the opportunity to evade detection (by adjusting their tactics), circumvent the employed defenses, and still reach the end-users.

People

Past Collaborators

  • Yazan Boshmaf (Qatar Computing Research Institute, QCRI)
  • Alex Loffler (formerly at Telus)

Publications

Also see publications related to our previous project on social-bots.

Journal/Conference/Workshop Publications and Technical Reports

[6] Forecasting Suspicious Account Activity at Large-Scale Online Service Providers, Hassan Halawa, Matei Ripeanu, Konstantin Beznosov, Baris Coskun, Meizhu Liu, Technical Report, January 2018 pdf
[5] An Early Warning System for Suspicious Accounts, Hassan Halawa, Matei Ripeanu, Konstantin Beznosov, Baris Coskun, Meizhu Liu, 8th ACM Workshop on Artificial Intelligence and Security (AI-Sec), Dallas, TX, November 2017 pdf slides
[4] Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber Intrusions by Focusing on the Vulnerable Population, Hassan Halawa, Konstantin Beznosov, Yazan Boshmaf, Baris Coskun, Matei Ripeanu and Elizeu Santos-Neto, New Security Paradigms Workshop (NSPW 2016), Denver, CO, September 2016. pdf slides
[3] Integro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs, Yazan Boshmaf, Dionysios Logothetis, Georgos Siganos, Jorge Lería, Jose Lorenzo, Matei Ripeanu, Konstantin Beznosov, Hassan Halawa, Elsevier Computers and Security Journal, Volume 61, August 2016, pp. 142–168 pdf camera ready project
[2] Thwarting Fake OSN Accounts by Predicting their Victims, Yazan Boshmaf, Matei Ripeanu, Konstantin Beznosov, Elizeu Santos-Neto, 8th ACM Workshop on Artificial Intelligence and Security (AI-Sec), Denver, CO, November 2015. pdf slides
[1] Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs, Yazan Boshmaf, Dionysios Logothetis, Georgos Siganos, Jorge Lería, Jose Lorenzo, Matei Ripeanu, Konstantin Beznosov, 2015 Network and Distributed System Security (NDSS) Symposium, February 8-11, 2015, San Diego, CA (acceptance rate: 50/305 = 16.3%) pdf slides

Posters

[2] Estimating Vulnerability Scores to Augment Enterprise Security Systems, Hassan Halawa, Matei Ripeanu, Konstantin Beznosov, Alex Loffler, poster, UBC Cybersecurity Summit, Vancouver, Canada, May 2018 pdf
[1] Estimating Vulnerability Scores to Augment Enterprise Security Systems, Hassan Halawa, Matei Ripeanu, Konstantin Beznosov, Alex Loffler, poster, USENIX Security Conference, Vancouver, Canada, August 2017 pdf