TWC: Medium: Collaborative: Exposing and Mitigating Cross-Channel Attacks that Exploit the Convergence of Telephony and the Internet

TWC：媒介：协作：揭露和缓解利用电话和互联网融合的跨渠道攻击

• 批准号: 1514052
• 负责人: Roberto Perdisci
• 金额: $ 29.99万
• 依托单位: University of Georgia Research Foundation Inc
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-08-15 至 2021-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1514052&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Exposing; Mitigating

Rapid advances in technology now enable simultaneous access to both telephony and Internet services from smart phone devices that people carry with them at all times. Although this convergence of telephony with the Internet offers many benefits, it also provides cyber criminals the ability to develop increasingly sophisticated attacks that combine resources from both the telephony and Internet channels. For instance, text messages containing Internet links can direct unsuspecting users to malicious websites, inexpensive or free voice services can be used to carry out phone fraud campaigns, and caller-ID spoofing and autodialing services can be used to make calls to launch large-scale attacks that are difficult to detect and trace. Such attacks often remain undetected for long periods of time, thus undermining the higher level of trust that has traditionally been associated with the telephony channel.This project explores a ground-truth driven approach to study and understand cross-channel attacks that make use of both the Internet and telephony channels. A key goal is to expose any overlap in tactics and infrastructure used in cross-channel attacks with the extensively observed and studied Internet-only threats. Several data sources of cross-channel abuse are used in this study, including crowd-sourced intelligence and telephone-honeypot data. Much of the currently available telephony abuse information is unstructured and its accuracy or completeness is not known. The researchers are mining multiple sources of abuse information and introduce new methods to better understand, detect, and track attacks that are carried out across the telephony and Internet channels. The effectiveness of correlating threat intelligence available from each of these channels to improve defenses for both is also investigated. By studying the properties of the malicious infrastructure that facilitates cross-channel attacks, this project will enable both researchers and operational communities to gain increased situational awareness and develop techniques for mitigating and defending against this new class of threats.

现在，技术的快速发展使人们能够通过人们随身携带的智能手机设备同时访问电话和互联网服务。尽管电话与互联网的融合提供了许多好处，但它也为网络犯罪分子提供了开发日益复杂的攻击的能力，这些攻击结合了电话和互联网渠道的资源。例如，含有互联网链接的短信可以将毫无戒心的用户引导到恶意网站，廉价或免费的语音服务可以用于开展电话诈骗活动，来电显示欺骗和自动拨号服务可以用于拨打电话，发起难以检测和跟踪的大规模攻击。此类攻击通常在很长一段时间内都未被检测到，从而破坏了传统上与电话通道相关联的更高级别的信任。该项目探索了一种以事实为导向的方法，以研究和了解同时利用互联网和电话通道的跨通道攻击。一个关键目标是揭露在跨通道攻击中使用的战术和基础设施与广泛观察和研究的纯互联网威胁之间的任何重叠。这项研究使用了几个跨渠道虐待的数据来源，包括众包情报和电话蜜罐数据。目前可用的许多电话滥用信息都是非结构化的，其准确性或完整性是未知的。研究人员正在挖掘滥用信息的多个来源，并引入新的方法来更好地了解、检测和跟踪通过电话和互联网渠道进行的攻击。还研究了将这些渠道中的每个渠道提供的威胁情报关联起来以提高这两个渠道防御能力的有效性。通过研究促进跨通道攻击的恶意基础设施的特性，该项目将使研究人员和运营社区能够获得更多的态势感知，并开发技术来缓解和防御这类新的威胁。