Social engineering poses a critical threat to information security, with cyberattackers recognizing that people are often more vulnerable to manipulation than a hardened computer system. “Social engineering targets the weakest link in the system, the human actors,” explains Computer Science Professor Ian Harris, who is working to address this issue as Principal Investigator of a grant from the National Science Foundation (NSF). The work, “Detecting Social Engineering Attacks Using Semantic Language Analysis,” falls under the NSF’s Secure and Trustworthy Cyberspace (SaTC) program, and Harris was awarded nearly $500,000 to study this growing threat.

According to the grant abstract, the project will “confront the problem of social engineering by developing automated approaches to detect social engineering attacks in real time and alert the victim before harm can occur.” Leveraging question answering and natural language understanding techniques, the goal is to identify conversational statements with malicious intent. “The attacker must always perform one of two dialog actions, either asking a question whose answer is private, or issuing a command to perform a forbidden operation.”

This work will also result in a large corpus of non-phishing social engineering attacks in the form of audio recordings and written transcripts, which will be made publicly available to support both further research into the topic and the development of courses on social engineering attacks.

Read more about Harris’ research on this topic on DarkReading.com.

— Shani Murray

Computer Science Ph.D. student Jihyun Park is the lead author on a paper that recently won the best paper award at the 11th International Conference on Educational Data Mining Conference (EDM 2018) in Buffalo, N.Y. The paper, “Understanding Student Procrastination via Mixture Models,” proposes a new approach based on statistical machine learning techniques that can extract and quantify patterns of procrastination observed from student clickstream data in online college courses. In particular, persistent procrastination over the duration of a course was found to be strongly predictive of poorer student outcomes, providing strong evidence that time management is critical for success in online courses.

[Read more…]

After entering a password, your regular computer keyboard might appear to look the same as always, but a new approach harvesting thermal energy can illuminate the recently pressed keys, revealing that keyboard-based password entry is even less secure than previously thought. Computer Science Ph.D. students Tyler Kaczmarek and Ercan Ozturk in the Donald Bren School of Information and Computer Sciences (ICS), working with Chancellor’s Professor of Computer Science Gene Tsudik, have exploited thermal residue from human fingertips to introduce a new insider attack — the Thermanator.

[Read more…]

In a paper to appear at the 2018 European Symposium on Research in Computer Security (ESORICS), a team of researchers from UC Irvine, New York Institute of Technology and University of Padova (Italy) reveal a new attack: Secret Information Leakage from Keystroke Timing Videos (SILK-TV). The UCI researchers include Chancellor’s Professor of Computer Science Gene Tsudik and undergrad exchange students Martin Georgiev and Nikita Samarian.

[Read more…]

Chancellor’s Professor of Computer Science Gene Tsudik and two of his Ph.D. students, Tyler Kaczmarek and Ercan Ozturk, have developed a novel technique aimed at mitigating “Lunchtime Attacks.” Such attacks occur when an insider adversary takes over an authenticated state of a careless user who has left his or her computer unattended. Tsudik, Kaczmarek and Ozturk have come up with an unobtrusive and continuous biometric-based “de-authentication,” i.e., a means of quickly terminating the secure session of a previously authenticated user after detecting that user’s absence. They introduce the new biometric, called Assentication, in a paper appearing at the 2018 International Conference on Applied Cryptography and Network Security (ACNS).

[Read more…]