Collaborative Research: SaTC: CORE: Small: Analytical Models for Conversational Social Engineering Attacks

协作研究：SaTC：核心：小型：对话式社会工程攻击的分析模型

• 批准号: 2319802
• 负责人: Akbar Siami Namin
• 金额: $ 40万
• 依托单位: Texas Tech University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2027-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2319802&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small

Social engineers use a false pretense and their interpersonal skills to persuade their targets to divulge sensitive information such as their usernames, passwords, or credit card numbers. Social engineering over the phone, known as vishing, is a very common, growing, and costly problem. This project aims to investigate the nature of vishing attacks and use what is learned to develop a software application that detects key vishing attack features, moving the project toward its long-term goal of developing a software system that can detect vishing attacks in real-time and warn targets.To accomplish that aim, the research team is creating two corpora: 1) a set of vishing attack recordings and 2) a set of legitimate phone call recordings. The research team is developing advanced analytical techniques to identify features that differentiate vishing conversations from legitimate conversations. The research team is developing novel audio signal and natural language processing algorithms to detect emotional language that is unique to vishing conversations and novel natural language processing algorithms to detect requests for sensitive information. Collectively, these algorithms provide critical capabilities to detect vishing attacks in real-time and form the foundation of the real-time vishing attack warning system the research team is developing.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

社会工程师利用虚假的伪装和他们的人际交往技巧来说服他们的目标泄露敏感信息，如用户名、密码或信用卡号码。通过电话进行的社会工程，即所谓的钓鱼，是一个非常普遍、日益严重且代价高昂的问题。该项目旨在调查钓鱼攻击的本质，并利用所学知识开发检测钓鱼攻击关键特征的软件应用程序，使项目朝着开发能够实时检测钓鱼攻击并警告目标的软件系统的长期目标迈进。为了实现这一目标，研究小组正在创建两个语料库：1)一组钓鱼攻击录音和2)一组合法电话录音。研究团队正在开发先进的分析技术，以识别区分虚假对话和合法对话的特征。研究小组正在开发新的音频信号和自然语言处理算法，以检测钓鱼对话中特有的情感语言，并开发新的自然语言处理算法来检测对敏感信息的请求。总的来说，这些算法提供了实时检测钓鱼攻击的关键能力，并构成了研究团队正在开发的实时钓鱼攻击预警系统的基础。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。