Cognitive triaging of phishing attacks

Amber van der Heijden; Luca Allodi

Cognitive triaging of phishing attacks

Amber van der Heijden
, Luca Allodi

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic

91 Citaten (Scopus)

320 Downloads (Pure)

Samenvatting

In this paper we employ quantitative measurements of cognitive vulnerability triggers in phishing emails to predict the degree of success of an attack. To achieve this we rely on the cognitive psychology literature and develop an automated and fully quantitative method based on machine learning and econometrics to construct a triaging mechanism built around the cognitive features of a phishing email; we showcase our approach relying on data from the anti-phishing division of a large financial organization in Europe. Our evaluation shows empirically that an effective triaging mechanism for phishing success can be put in place by response teams to effectively prioritize remediation efforts (e.g. domain takedowns), by first acting on those attacks that are more likely to collect high response rates from potential victims.

Originele taal-2	Engels
Titel	Proceedings of the 28th USENIX Security Symposium
Uitgeverij	Usenix Association
Pagina's	1309-1326
Aantal pagina's	18
ISBN van elektronische versie	9781939133069
Status	Gepubliceerd - 6 mei 2019
Evenement	28th Usenix Security Symposium 2019 - Santa Clara, Verenigde Staten van Amerika Duur: 14 aug. 2019 → 16 aug. 2019 https://www.usenix.org/conference/usenixsecurity19

Congres

Congres	28th Usenix Security Symposium 2019
Land/Regio	Verenigde Staten van Amerika
Stad	Santa Clara
Periode	14/08/19 → 16/08/19
Internet adres	https://www.usenix.org/conference/usenixsecurity19

Toegang tot document

publishers versionDefinitieve gepubliceerde versie, 16,4 MB
Authors version ARXIV 190502162v1

Andere bestanden en links

Link to publication in Scopus

Citeer dit

@inproceedings{4f5d7e97d9f74e478c1f27b6c0864bb9,

title = "Cognitive triaging of phishing attacks",

abstract = " In this paper we employ quantitative measurements of cognitive vulnerability triggers in phishing emails to predict the degree of success of an attack. To achieve this we rely on the cognitive psychology literature and develop an automated and fully quantitative method based on machine learning and econometrics to construct a triaging mechanism built around the cognitive features of a phishing email; we showcase our approach relying on data from the anti-phishing division of a large financial organization in Europe. Our evaluation shows empirically that an effective triaging mechanism for phishing success can be put in place by response teams to effectively prioritize remediation efforts (e.g. domain takedowns), by first acting on those attacks that are more likely to collect high response rates from potential victims. ",

keywords = "phishing",

author = "\{van der Heijden\}, Amber and Luca Allodi",

year = "2019",

month = may,

day = "6",

language = "English",

pages = "1309--1326",

booktitle = "Proceedings of the 28th USENIX Security Symposium",

publisher = "Usenix Association",

note = "28th Usenix Security Symposium 2019 ; Conference date: 14-08-2019 Through 16-08-2019",

url = "https://www.usenix.org/conference/usenixsecurity19",

}

TY - GEN

T1 - Cognitive triaging of phishing attacks

AU - van der Heijden, Amber

AU - Allodi, Luca

PY - 2019/5/6

Y1 - 2019/5/6

N2 - In this paper we employ quantitative measurements of cognitive vulnerability triggers in phishing emails to predict the degree of success of an attack. To achieve this we rely on the cognitive psychology literature and develop an automated and fully quantitative method based on machine learning and econometrics to construct a triaging mechanism built around the cognitive features of a phishing email; we showcase our approach relying on data from the anti-phishing division of a large financial organization in Europe. Our evaluation shows empirically that an effective triaging mechanism for phishing success can be put in place by response teams to effectively prioritize remediation efforts (e.g. domain takedowns), by first acting on those attacks that are more likely to collect high response rates from potential victims.

AB - In this paper we employ quantitative measurements of cognitive vulnerability triggers in phishing emails to predict the degree of success of an attack. To achieve this we rely on the cognitive psychology literature and develop an automated and fully quantitative method based on machine learning and econometrics to construct a triaging mechanism built around the cognitive features of a phishing email; we showcase our approach relying on data from the anti-phishing division of a large financial organization in Europe. Our evaluation shows empirically that an effective triaging mechanism for phishing success can be put in place by response teams to effectively prioritize remediation efforts (e.g. domain takedowns), by first acting on those attacks that are more likely to collect high response rates from potential victims.

KW - phishing

UR - https://www.scopus.com/pages/publications/85076359023

M3 - Conference contribution

SP - 1309

EP - 1326

BT - Proceedings of the 28th USENIX Security Symposium

PB - Usenix Association

T2 - 28th Usenix Security Symposium 2019

Y2 - 14 August 2019 through 16 August 2019

ER -

Cognitive triaging of phishing attacks

Samenvatting

Congres

Toegang tot document

Andere bestanden en links

Vingerafdruk

Citeer dit