Increasingly, the threats to enterprise security come from social engineering attacks—attacks that fool trusted users (e.g. employees) into providing access to enterprise data. The attacker relies on human emotions—the user’s trust, curiosity, or fear. Currently, a key aspect of state-of-the-art prevention at the enterprise level is attempting to retrain users to avoid the traps set by social engineers (e.g. not to click on a link, not to download a file from an unknown source, to verify the source of a message independently, etc.).
Given that social engineering attacks are designed to play on human nature, user compliance is difficult to achieve. With this effort, we will develop an approach that automatically intercepts social engineering attacks before they reach the user, thereby eliminating human error as a security threat. In addition to automatic detection, our system, PIRANHA, will learn to respond to attacks in a manner that elicits information about the attacker and distracts the attacker from targeting additional victims.
Passive detection relies, in part, on historical knowledge about what is typical for a user and for an enterprise, and thus PIRANHA will maintain a memory of all enterprise communications. To maximize the utility of historical information, a user’s communications will be routed through purpose-driven channels. When PIRANHA’s attack probability is sufficiently uncertain, PIRANHA will engage in the more costly active detection by deploying special-purpose bots to update a message’s attack probability through deeper analysis (e.g. of attachments) or dialogue with the sender.
Cases with sufficiently high attack probability will be flagged for quarantine and passed on to PIRANHA’s attacker identification and distraction bot. This bot will use automatic dialogue to engage with the attacker to learn about their identity and to tie up their resources.
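The tiered flow described above (passive score from enterprise memory, active deeper analysis only in the uncertain band, quarantine above a high threshold), as an added toy example; this is not PIRANHA's code, and the thresholds, scoring weights, channel names and the attachment rule are all assumptions made for illustration.

```python
from collections import defaultdict

# Decision bands over the attack probability (assumed values, not from the proposal)
UNCERTAIN_FROM, QUARANTINE_FROM = 0.3, 0.7
DELIVER, DIALOGUE, QUARANTINE = "deliver", "dialogue", "quarantine"
# Attachment suffixes the active check treats as a strong signal (assumed list)
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".js", ".vbs", ".hta")


class EnterpriseMemory:
    """Memory of past communications: which purpose-driven channel each sender
    used, and whether the sender has ever attached a file before."""

    def __init__(self):
        self.channels = defaultdict(lambda: defaultdict(int))
        self.attachments = defaultdict(int)

    def record(self, sender, channel, attachment=None):
        self.channels[sender][channel] += 1
        if attachment:
            self.attachments[sender] += 1

    def passive_probability(self, sender, channel, attachment=None):
        """Cheap score from deviation against the sender's own history."""
        hist = self.channels.get(sender)
        if not hist:
            return 0.5                        # unknown sender: genuinely uncertain
        share = hist.get(channel, 0) / sum(hist.values())
        p = 0.1 + 0.5 * (1.0 - share)         # unusual channel for this sender
        if attachment and self.attachments[sender] == 0:
            p += 0.2                          # first attachment ever from this sender
        return min(p, 1.0)


def active_attachment_check(attachment):
    """Costlier deeper analysis, reduced here to a name-based rule (assumed)."""
    return 0.5 if attachment.lower().endswith(EXECUTABLE_SUFFIXES) else -0.2


def triage(memory, sender, channel, attachment=None):
    p = memory.passive_probability(sender, channel, attachment)
    if UNCERTAIN_FROM <= p < QUARANTINE_FROM and attachment:
        # Uncertain band: spend the active check to refine the probability
        p = min(max(p + active_attachment_check(attachment), 0.0), 1.0)
    if p >= QUARANTINE_FROM:
        return QUARANTINE, round(p, 2)        # hand off to the identification bot
    if p >= UNCERTAIN_FROM:
        return DIALOGUE, round(p, 2)          # still uncertain: engage the sender
    memory.record(sender, channel, attachment)  # only delivered mail shapes the baseline
    return DELIVER, round(p, 2)
```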