Social engineering attacks are a growing problem and there is very little defense against them since they target the human directly, circumventing many computer-based defenses. There are approaches to scan emails and websites for phishing attacks, but sophisticated attacks involve conversation dialogs which may be carried out in-person or over the phone lines. Dialog-based social engineering attacks can employ subtle psychological techniques which cannot be detected without an understanding of the meaning of each sentence.
We present a tool which uses Natural Language Processing (NLP) techniques to gain an understanding of the intent of the text spoken by the attacker. Each sentence is parsed according to the rules of English grammar, and the resulting parse tree is examined for patterns which indicate malicious intent. Our tool uses an open-source parser, the Stanford Parser, to perform parsing and identify patterns in the resulting parse tree. We have evaluated our approach on three actual social engineering attack dialogs and we will present those results. We are also releasing the tool so you can download it and try it for yourself.