TY - GEN
T1 - Harvesting the low-hanging fruits
T2 - 25th New Security Paradigms Workshop, NSPW 2016
AU - Halawa, Hassan
AU - Beznosov, Konstantin
AU - Boshmaf, Yazan
AU - Coskun, Baris
AU - Ripeanu, Matei
AU - Santos-Neto, Elizeu
N1 - Publisher Copyright: © 2016 ACM.
PY - 2016/9/26
Y1 - 2016/9/26
N2 - The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic. Defenses generally focus on identifying the attacks/attackers (e.g., phishing emails, social-bot infiltrations, malware offered for download). To change the status quo, we propose to identify, even if imperfectly, the vulnerable user population, that is, the users that are likely to fall victim to such attacks. Once identified, information about the vulnerable population can be used in two ways. First, the vulnerable population can be influenced by the defender through several means including: education, specialized user experience, extra protection layers and watchdogs. In the same vein, information about the vulnerable population can ultimately be used to fine-tune and reprioritize defense mechanisms to offer differentiated protection, possibly at the cost of additional friction generated by the defense mechanism. Secondly, information about the user population can be used to identify an attack (or compromised users) based on differences between the general and the vulnerable population. This paper considers the implications of the proposed paradigm on existing defenses in three areas (phishing of user credentials, malware distribution and socialbot infiltration) and discusses how using knowledge of the vulnerable population can enable more robust defenses.
KW - Cyber intrusions
KW - Defense system design
KW - Vulnerable population
UR - http://www.scopus.com/inward/record.url?scp=85009152838&partnerID=8YFLogxK
U2 - 10.1145/3011883.3011885
DO - 10.1145/3011883.3011885
M3 - Conference contribution
AN - SCOPUS:85009152838
T3 - ACM International Conference Proceeding Series
SP - 11
EP - 22
BT - NSPW 2016 - Proceedings of the 2016 New Security Paradigms Workshop
PB - Association for Computing Machinery
Y2 - 26 September 2016 through 29 September 2016
ER -