Social engineering poses a critical threat to information security, with cyberattackers recognizing that people are often more vulnerable to manipulation than a hardened computer system. “Social engineering targets the weakest link in the system, the human actors,” explains Computer Science Professor Ian Harris, who is working to address this issue as Principal Investigator of a grant from the National Science Foundation (NSF). The work, “Detecting Social Engineering Attacks Using Semantic Language Analysis,” falls under the NSF’s Secure and Trustworthy Cyberspace (SaTC) program, and Harris was awarded nearly $500,000 to study this growing threat.

According to the grant abstract, the project will “confront the problem of social engineering by developing automated approaches to detect social engineering attacks in real time and alert the victim before harm can occur.” Leveraging question answering and natural language understanding techniques, the goal is to identify conversational statements with malicious intent. “The attacker must always perform one of two dialog actions, either asking a question whose answer is private, or issuing a command to perform a forbidden operation.”

This work will also result in a large corpus of non-phishing social engineering attacks in the form of audio recordings and written transcripts, which will be made publicly available to support both further research into the topic and the development of courses on social engineering attacks.

Read more about Harris’ research on this topic on DarkReading.com.

— Shani Murray