Collaborative Research: SaTC: CORE: Small: Analytical Models for Conversational Social Engineering Attacks

协作研究：SaTC：核心：小型：对话式社会工程攻击的分析模型

• 批准号: 2319803
• 负责人: Faranak Abri
• 金额: $ 20万
• 依托单位: San Jose State University Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2027-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2319803&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small

Social engineers use a false pretense and their interpersonal skills to persuade their targets to divulge sensitive information such as their usernames, passwords, or credit card numbers. Social engineering over the phone, known as vishing, is a very common, growing, and costly problem. This project aims to investigate the nature of vishing attacks and use what is learned to develop a software application that detects key vishing attack features, moving the project toward its long-term goal of developing a software system that can detect vishing attacks in real-time and warn targets.To accomplish that aim, the research team is creating two corpora: 1) a set of vishing attack recordings and 2) a set of legitimate phone call recordings. The research team is developing advanced analytical techniques to identify features that differentiate vishing conversations from legitimate conversations. The research team is developing novel audio signal and natural language processing algorithms to detect emotional language that is unique to vishing conversations and novel natural language processing algorithms to detect requests for sensitive information. Collectively, these algorithms provide critical capabilities to detect vishing attacks in real-time and form the foundation of the real-time vishing attack warning system the research team is developing.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

社会工程师使用虚假的借口和他们的人际交往技巧来说服他们的目标泄露敏感信息，如他们的用户名，密码或信用卡号码。 通过电话进行的社会工程，也就是所谓的网络钓鱼，是一个非常普遍、不断增长且代价高昂的问题。 该项目旨在研究vishing攻击的本质，并利用所学到的知识开发一个软件应用程序，检测关键的vishing攻击特征，使该项目朝着开发一个软件系统的长期目标迈进，该软件系统可以实时检测vishing攻击并警告目标。为了实现这一目标，研究团队正在创建两个语料库：1）一组网络钓鱼攻击录音和2）一组合法的电话录音。 该研究团队正在开发先进的分析技术，以识别将钓鱼对话与合法对话区分开来的特征。该研究团队正在开发新的音频信号和自然语言处理算法，以检测语音对话所特有的情感语言，以及新的自然语言处理算法，以检测对敏感信息的请求。 总的来说，这些算法提供了实时检测网络钓鱼攻击的关键能力，并构成了研究团队正在开发的实时网络钓鱼攻击预警系统的基础。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。