Optimal Personalized Filtering Against Spear-Phishing Attacks
Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos

Citation
Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos. "Optimal Personalized Filtering Against Spear-Phishing Attacks". 29th AAAI Conference on Artificial Intelligence (AAAI), January, 2015.

Abstract
To penetrate sensitive computer networks, attackers can use spear phishing to sidestep technical security mechanisms by exploiting the privileges of careless users. In order to maximize their success probability, attackers have to target the users that constitute the weakest links of the system. The optimal selection of these target users takes into account both the damage that can be caused by a user and the probability of a malicious e-mail being delivered to and opened by a user. Since attackers select their targets in a strategic way, the optimal mitigation of these attacks requires the defender to also personalize the e-mail filters by taking into account the users' properties. In this paper, we assume that a learned classifier is given and propose strategic per-user filtering thresholds for mitigating spear-phishing attacks. We formulate the problem of filtering targeted and non-targeted malicious e-mails as a Stackelberg security game. We characterize the optimal filtering strategies and show how to compute them in practice. Finally, we evaluate our results using two real-world datasets and demonstrate that the proposed thresholds lead to lower losses than non-strategic thresholds.

Electronic downloads


Internal. This publication has been marked by the author for FORCES-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • HTML
    Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos. <a
    href="http://www.cps-forces.org/pubs/124.html"
    >Optimal Personalized Filtering Against Spear-Phishing
    Attacks</a>, 29th AAAI Conference on Artificial
    Intelligence (AAAI), January, 2015.
  • Plain text
    Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos.
    "Optimal Personalized Filtering Against Spear-Phishing
    Attacks". 29th AAAI Conference on Artificial
    Intelligence (AAAI), January, 2015.
  • BibTeX
    @inproceedings{LaszkaVorobeychikKoutsoukos15_OptimalPersonalizedFilteringAgainstSpearPhishingAttacks,
        author = {Aron Laszka and Yevgeniy Vorobeychik and Xenofon
                  Koutsoukos},
        title = {Optimal Personalized Filtering Against
                  Spear-Phishing Attacks},
        booktitle = {29th AAAI Conference on Artificial Intelligence
                  (AAAI)},
        month = {January},
        year = {2015},
        abstract = {To penetrate sensitive computer networks,
                  attackers can use spear phishing to sidestep
                  technical security mechanisms by exploiting the
                  privileges of careless users. In order to maximize
                  their success probability, attackers have to
                  target the users that constitute the weakest links
                  of the system. The optimal selection of these
                  target users takes into account both the damage
                  that can be caused by a user and the probability
                  of a malicious e-mail being delivered to and
                  opened by a user. Since attackers select their
                  targets in a strategic way, the optimal mitigation
                  of these attacks requires the defender to also
                  personalize the e-mail filters by taking into
                  account the users' properties. In this paper, we
                  assume that a learned classifier is given and
                  propose strategic per-user filtering thresholds
                  for mitigating spear-phishing attacks. We
                  formulate the problem of filtering targeted and
                  non-targeted malicious e-mails as a Stackelberg
                  security game. We characterize the optimal
                  filtering strategies and show how to compute them
                  in practice. Finally, we evaluate our results
                  using two real-world datasets and demonstrate that
                  the proposed thresholds lead to lower losses than
                  non-strategic thresholds.},
        URL = {http://cps-forces.org/pubs/124.html}
    }
    

Posted by Aron Laszka on 15 Mar 2016.
For additional information, see the Publications FAQ or contact webmaster at cps-forces org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.