Understanding Social Engineering Attacks with Natural Language Processing

DEF CON 23

Presented by: Ian Harris
Date: Friday August 07, 2015
Time: 18:00 - 18:50
Location: Social Engineering Village

Social engineering attacks are a growing problem and there is very little defense against them since they target the human directly, circumventing many computer-based defenses. There are approaches to scan emails and websites for phishing attacks, but sophisticated attacks involve conversation dialogs which may be carried out in-person or over the phone lines. Dialog-based social engineering attacks can employ subtle psychological techniques which cannot be detected without an understanding of the meaning of each sentence.

We present a tool which uses Natural Language Processing (NLP) techniques to gain an understanding of the intent of the text spoken by the attacker. Each sentence is parsed according to the rules of English grammar, and the resulting parse tree is examined for patterns which indicate malicious intent. Our tool uses an open-source parser, the Stanford Parser, to perform parsing and identify patterns in the resulting parse tree. We have evaluated our approach on three actual social engineering attack dialogs and we will present those results. We are also releasing the tool so you can download it and try it for yourself.

Ian Harris

Ian G. Harris is currently Vice Chair of Undergraduate Education in the Computer Science Department at the University of California Irvine. He received his BS degree in Computer Science from Massachusetts Institute of Technology in 1990. He received his MS and PhD degrees in Computer Science from the University of California San Diego in 1992 and 1997 respectively. His field of interest includes validation of hardware systems to ensure that the behavior of the system matches the intentions of the designer. He also investigates the application of testing for computer security. His group’s security work includes testing software applications for security vulnerabilities and designing special-purpose hardware to detect intrusions on-line.

