If you have email or spend any time at all browsing the internet, you have probably experienced some form of a social engineering hack, which is a fraudulent attempt to get access to personal information鈥攐r your money.
Survey scams, scareware and phishing expeditions are some examples of such attempts that can lead to malware and ransomware infections and cause monetary damage to victims.
香港六合彩生肖号码 computer science professor Phani Vadrevu has been awarded a $1.2 million grant from the National Science Foundation to develop methods to protect users from such web-based social engineering attacks.
The project, which will use artificial intelligence to track and model online attacks, is expected to improve the research community鈥檚 understanding of web-based social engineering and make a substantial impact on user protection.
鈥淭he NSF grant is focused on developing client-side defenses against all web-based social engineering attacks,鈥 Vadrevu said. 鈥淥ur goal there is to develop AI-based defenses that can help protect users from such attacks.鈥
The four-year research project is a collaboration among 香港六合彩生肖号码鈥檚 Cyber Center, the University of Georgia and Stonybrook University in New York, Vadrevu said.
To defend against such attacks, Vadrevu鈥檚 team plans to develop a comprehensive framework that utilizes multiple advanced machine learning techniques to discover, model and defend against web-based social engineering attacks on both desktop and mobile devices.
Researchers plan to develop targeted web-crawling techniques for automatically harvesting, analyzing and categorizing instances of new social engineering attacks on the internet.
The designed defense systems will track how web pages are delivered to users, monitor how they are executed within the browser and extract visual features, as well as network and web-content metadata.
By learning how the attack models work, the defense systems are expected to be to detect new attacks in real-time on both desktop and mobile devices, researchers said.
鈥淧hishPrint鈥 Another Public Impact Research Project
Vadrevu is also working on an unrelated, but complementary internet-user defense project that has garnered him a monetary 鈥渂ounty鈥 from Google and recognition from other sectors of the tech industry, including a presentation of the findings at the USENIX Security Symposium. USENIX is a highly selective security conference that publishes cybersecurity research.
Vadrevu鈥檚 research is called 鈥淧hishPrint: Evading Phishing Detection Crawlers by Prior Profiling.鈥 It is a measurement study that found weaknesses in security crawler systems used by top companies, such as Google, Microsoft and AT&T.
鈥淩ight now, I am working on a grant proposal to develop defenses for such weaknesses,鈥 Vadrevu said.
The lead author of the paper, Bhupendra Acharya, is a 香港六合彩生肖号码 graduate student whose research work is part of his thesis, Vadrevu said.
Many internet companies use some bots, also called crawlers, to automatically scout websites to find whether they are safe or not, Vadrevu said. These bots then quickly create, in real-time, a block list of "unsafe websites" and notifies the user.
All major web browsers including Chrome, Edge, Safari and email services, such as Outlook, use these website lists to keep users safe. For example, Google's bot service, called Google Safe Browsing, is deployed in over 4 billion devices and is being used by about 2 billion users in the world, Vadrevu said.
However, by capitalizing on the idiosyncrasies of some of the security bots, Vadrevu鈥檚 research found new ways to circumvent the security measure.
Vadrevu said researchers were able to easily 鈥渇ingerprint鈥 bots and use the information to build their own smart phishing websites that would show 鈥渟afe鈥 content to only the bots of security companies. Meanwhile, the same website would allow the 鈥渦nsafe鈥 content to be shown to a large percentage of potential human users.
鈥淥ur experiments, conducted with due ethical considerations, showed that while regular phishing sites can be detected and shut down by these scouting bots in a couple of hours, our 鈥榮mart鈥 phishing websites can stay alive indefinitely despite multiple submissions to several popular security bots,鈥 Vadrevu said. 鈥淭his showed the seriousness of the weaknesses that we discovered in the crawlers.鈥
香港六合彩生肖号码 researchers found these deficiencies in 23 security bots including those used by Google, Microsoft, AlienVault (from AT&T), PhishTank (from Cisco), Norton and Sophos, Vadrevu said.
As is the custom with security papers, researchers contacted the organizations and gave detailed disclosures of the vulnerabilities discovered.
Google responded with a $5,000 grant from its Vulnerability Reward program for the discovery, Vadrevu said.