Collaborative Research: SaTC: CORE: Small: Analytical Models for Conversational Social Engineering Attacks

协作研究：SaTC：核心：小型：对话式社会工程攻击的分析模型

• 批准号: 2319803
• 负责人: Faranak Abri
• 金额: $ 20万
• 依托单位: San Jose State University Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2027-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2319803&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small

Social engineers use a false pretense and their interpersonal skills to persuade their targets to divulge sensitive information such as their usernames, passwords, or credit card numbers. Social engineering over the phone, known as vishing, is a very common, growing, and costly problem. This project aims to investigate the nature of vishing attacks and use what is learned to develop a software application that detects key vishing attack features, moving the project toward its long-term goal of developing a software system that can detect vishing attacks in real-time and warn targets.To accomplish that aim, the research team is creating two corpora: 1) a set of vishing attack recordings and 2) a set of legitimate phone call recordings. The research team is developing advanced analytical techniques to identify features that differentiate vishing conversations from legitimate conversations. The research team is developing novel audio signal and natural language processing algorithms to detect emotional language that is unique to vishing conversations and novel natural language processing algorithms to detect requests for sensitive information. Collectively, these algorithms provide critical capabilities to detect vishing attacks in real-time and form the foundation of the real-time vishing attack warning system the research team is developing.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

社会工程师使用虚假的假装和人际交往能力来说服他们的目标泄露敏感信息，例如其用户名，密码或信用卡号。 通过电话被称为Vishing的社会工程是一个非常普遍，成长且昂贵的问题。 This project aims to investigate the nature of vishing attacks and use what is learned to develop a software application that detects key vishing attack features, moving the project toward its long-term goal of developing a software system that can detect vishing attacks in real-time and warn targets.To accomplish that aim, the research team is creating two corpora: 1) a set of vishing attack recordings and 2) a set of legitimate phone call recordings. 研究团队正在开发先进的分析技术，以确定将捕钓对话与合法对话区分开的功能。研究团队正在开发新颖的音频信号和自然语言处理算法，以检测情感语言，这些语言在诱捕对话和新型的自然语言处理算法中独有，以检测请求敏感信息。 总的来说，这些算法提供了实时检测捕钓攻击的关键能力，并构成了研究团队正在开发的实时Vishing攻击警告系统的基础。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛的审查标准通过评估来通过评估来获得支持的。