Optimizing Personalized Email Filtering Thresholds to Mitigate Sequential Spear Phishing Attacks

نویسندگان

  • Mengchen Zhao
  • Bo An
  • Christopher Kiekintveld
چکیده

Highly targeted spear phishing attacks are increasingly common, and have been implicated in many major security breeches. Email filtering systems are the first line of defense against such attacks. These filters are typically configured with uniform thresholds for deciding whether or not to allow a message to be delivered to a user. However, users have very significant differences in both their susceptibility to phishing attacks as well as their access to critical information and credentials that can cause damage. Recent work has considered setting personalized thresholds for individual users based on a Stackelberg game model. We consider two important extensions of the previous model. First, in our model user values can be substitutable, modeling cases where multiple users provide access to the same information or credential. Second, we consider attackers who make sequential attack plans based on the outcome of previous attacks. Our analysis starts from scenarios where there is only one credential and then extends to more general scenarios with multiple credentials. For single-credential scenarios, we demonstrate that the optimal defense strategy can be found by solving a binary combinatorial optimization problem called PEDS. For multiple-credential scenarios, we formulate it as a bilevel optimization problem for finding the optimal defense strategy and then reduce it to a single level optimization problem called PEMS using complementary slackness conditions. Experimental results show that both PEDS and PEMS lead to significant higher defender utilities than two existing benchmarks in different parameter settings. Also, both PEDS and PEMS are more robust than the existing benchmarks considering uncertainties.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

An Initial Study on Personalized Filtering Thresholds in Defending Sequential Spear Phishing Attacks

Different from spam and regular phishing attacks, spear phishing attacks target a small group of people, and the attackers usually make elaborate plans before attacking. There is existing work on classifying spear phishing emails where a threshold value is used to balance misclassified normal emails and misclassified malicious emails. However, most existing systems use a uniform threshold for a...

متن کامل

Optimal Personalized Filtering Against Spear-Phishing Attacks

To penetrate sensitive computer networks, attackers can use spear phishing to sidestep technical security mechanisms by exploiting the privileges of careless users. In order to maximize their success probability, attackers have to target the users that constitute the weakest links of the system. The optimal selection of these target users takes into account both the damage that can be caused by...

متن کامل

Multi-Defender Strategic Filtering Against Spear-Phishing Attacks

Spear-phishing attacks pose a serious threat to sensitive computer systems, since they sidestep technical security mechanisms by exploiting the carelessness of authorized users. A common way to mitigate such attacks is to use e-mail filters which block e-mails with a maliciousness score above a chosen threshold. Optimal choice of such a threshold involves a tradeoff between the risk from delive...

متن کامل

An interdiscplinary study of phishing and spear-phishing attacks

In a world where spear-phishing is one of the most common attacks used to steal confidential data, it is necessary to instruct technical and non-technical users about new mechanisms attackers can use to generate these attacks. We want to focus on phishing attacks, where a social engineer communicates a deceitful message to their victims in order to obtain some confidential information, because ...

متن کامل

Phishing Attacks in a Mobile Environment

There is no agreed upon definition for Phishing. Although, the medium of attack may vary, the goal is to steal confidential information from an individual. Classical Phishing attacks via mass mailing have a low return of investment rate. Generally, one mass mailing of 100,000 emails may collect between 10 to 100 victims. On the contrary, Phishing scams targeted to a specific group of people in ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2016