Collaborative Research: SaTC: CORE: Medium: Defending Against Social Engineering Attacks with In-Browser AI

协作研究：SaTC：核心：中：利用浏览器内人工智能防御社会工程攻击

• 批准号: 2126641
• 负责人: Roberto Perdisci
• 金额: $ 40万
• 依托单位: University of Georgia Research Foundation Inc
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2126641&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Web-based social engineering attacks represent a growing class of cyber-attacks that exploit weaknesses in humans' decision-making processes via pretexts, baiting, and phishing. These attacks aim at deceiving users into performing online actions that may have critical cyber security and privacy implications. For instance, users may be deceived by malicious websites into revealing sensitive personal information or installing malicious software in their devices because they believe they would get something for free (e.g., a gift card). This project makes the Internet safer by building novel and robust real-time in-browser defenses that use artificial intelligence methods to dynamically detect and block such kinds of web-based social engineering attacks before users are affected. The project artifacts have immense potential to transition to practical use via collaboration with Google and AARP. Furthermore, the project involves activities across three institutions to broaden the participation of underrepresented groups in computing.Existing web defenses often rely on reactive approaches (e.g., blocklists) that do not address social engineering attacks. Unlike previous approaches, this research introduces a novel framework for discovering, modeling, and defending against web-based social engineering attacks on both desktop and mobile environments. On the discovery front, this project introduces a web-crawler to automatically harvest, analyze, and categorize instances of social-engineering attacks, considering different browsing devices. Given the discoveries of the crawler, this project uses machine-learning approaches to model the in-browser behavior of the attacks. Finally, to defend users, the project introduces real-time in-browser defense systems that track how web pages and web push notifications are delivered to users, monitor how they are executed within the browser, and extract visual features as well as network and web-content metadata. Overall, this project's outcomes improve the research community's understanding of web-based social-engineering attacks and exerts practical impact in protecting users against these attacks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

基于Web的社会工程攻击代表了一种不断增长的网络攻击类型，这些攻击通过借口、诱饵和网络钓鱼来利用人类决策过程中的弱点。这些攻击旨在欺骗用户执行可能具有关键网络安全和隐私影响的在线操作。例如，用户可能被恶意网站欺骗，泄露敏感的个人信息或在他们的设备中安装恶意软件，因为他们相信他们会免费得到一些东西（例如，礼品卡）。该项目通过构建新颖而强大的实时浏览器防御来使互联网更安全，这些防御使用人工智能方法在用户受到影响之前动态检测和阻止此类基于Web的社交工程攻击。通过与Google和AARP的合作，项目工件具有巨大的潜力过渡到实际使用。此外，该项目涉及三个机构的活动，以扩大在计算中代表性不足的群体的参与。现有的网络防御往往依赖于反应式方法（例如，阻止列表），不解决社会工程攻击。与以前的方法不同，本研究引入了一种新的框架，用于发现，建模和防御基于Web的桌面和移动的环境中的社会工程攻击。在发现方面，该项目引入了一个网络爬虫来自动收集，分析和分类社会工程攻击的实例，考虑不同的浏览设备。鉴于爬虫的发现，该项目使用机器学习方法来模拟攻击的浏览器行为。最后，为了保护用户，该项目引入了实时浏览器防御系统，跟踪网页和Web推送通知如何传递给用户，监控它们在浏览器中的执行方式，并提取视觉特征以及网络和Web内容元数据。总体而言，该项目的成果提高了研究界对基于Web的社会工程攻击的理解，并在保护用户免受这些攻击方面发挥了实际影响。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Understanding, Measuring, and Detecting Modern Technical Support Scams

• DOI: 10.1109/eurosp57164.2023.00011
• 发表时间: 2023-07
• 期刊: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)
• 作者: Jienan Liu;Pooja Pun;Phani Vadrevu;R. Perdisci

TRIDENT: Towards Detecting and Mitigating Web-based Social Engineering Attacks

• 发表时间: 2023
• 作者: Zheng Yang;Joey Allen;Matthew Landen;R. Perdisci;Wenke Lee

PhishInPatterns: measuring elicited user interactions at scale on phishing websites

• DOI: 10.1145/3517745.3561467
• 发表时间: 2022-10
• 期刊: Proceedings of the 22nd ACM Internet Measurement Conference
• 作者: Karthika Subramani;William Melicher;Oleksii Starov;Phani Vadrevu;R. Perdisci

SoK: Workerounds - Categorizing Service Worker Attacks and Mitigations

SoK：解决方法 - 对 Service Worker 攻击和缓解措施进行分类

• DOI: 10.1109/eurosp53844.2022.00041
• 发表时间: 2022
• 期刊: 7th IEEE European Symposium on Security and Privacy
• 作者: Subramani, Karthika;Jueckstock, Jordan;Kapravelos, Alexandros;Perdisci, Roberto
• 通讯作者: Perdisci, Roberto