Researchers Win $100,000 For New Spear-Phishing Detection Method (bleepingcomputer.com) 28
An anonymous reader writes: Facebook has awarded this year's Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks. The team created a detection system -- called DAS (Directed Anomaly Scoring) -- that identifies uncommon patterns in emails communications. They trained DAS by having it analyze 370 million emails from one single large enterprise with thousands of employees, sent between March 2013 and January 2017.
"Out of 19 spearphishing attacks, our detector failed to detect 2 attacks," the research team said. "Our detector [also] achieved an average false positive rate of 0.004%," researchers added, pointing out that this is almost 200 times better than previous research.
Honorable mentions went two other projects, one for using existing static analysis techniques to find a large number of vulnerabilities in Linux kernel drivers, and another for preventing specific classes of vulnerabilities in low-level code.
"Out of 19 spearphishing attacks, our detector failed to detect 2 attacks," the research team said. "Our detector [also] achieved an average false positive rate of 0.004%," researchers added, pointing out that this is almost 200 times better than previous research.
Honorable mentions went two other projects, one for using existing static analysis techniques to find a large number of vulnerabilities in Linux kernel drivers, and another for preventing specific classes of vulnerabilities in low-level code.
Fools (Score:2)
Researchers Win $100,000 For New Spear-Phishing Detection Method
You fools! The fish can use this for defense in the upcoming Global Fish War [slashdot.org].
Re: (Score:2)
Re: Should be 100% detection (Score:4, Funny)
You can easiy get 100% avoidance by just not using email and otherwise communicating with anybody.
The prime contractor for the government project that I work on implemented an aggressive phishing campaign by their security consultants. Click on phishing email, take more training. Click on too many phishing emails, get written up. My coworkers and I stopped reading emails from the prime contractor, which was mostly password reset and IT notifications. Upper management is confused as to why so many project managers are relaying information in the weekly staff meetings instead of email. Maybe they should ask their security consultants.
Manageable number of false positives (Score:2)
Re: (Score:1)
That's almost 1.5 million false positives, which works out to high hundreds or low thousands per employee.
Versus 19 attacks, 2 of which slipped through.
It is an accomplishment, but that's 1.5 million opportunities to ignore important, legitimate messages from business associates. One much make certain that one's employees are well trained in what this system actually can do.
Re: (Score:1)
Rate of 0.004% on 370 million is 14,800... not 1,480,000.
Re: (Score:2)
Rate of 0.004% on 370 million is 14,800... not 1,480,000.
The Windows Calculator was always dodgy with large numbers.
Re: (Score:2)
That's still 14,800 errors per 19 or simplified:
1 out of 778 warnings is true.
Having nothing is better than this, give me $100,000 for saying "educate your users" and you'll have a much better detection rate. The stats have to be reversed, you should only have ~1% erroneous warnings.
Re: (Score:2)
What actually happens is that people won't trust the 19 that it actually detects.
Even if you ameliorate the statistics and say this is across 10,000 users which would be the best case, you're still talking about 1 positive warning for every ~10 negative warnings.
Yay Linux! (Score:4, Insightful)
The "honorable mention" found 158 critical zero-day in Linux kernel drivers (out of thousands of drivers). While it's horrible that they existed, it's fantastic that there is a tool that can find them really quickly! I hope it can be adapted to work on drivers for other kernels. :)
PGP (Score:3)
Seriously, it's been over two decades.
Re: PGP (Score:3, Insightful)
Yeah, it's been two decades and email encryption and signing is still a horrible user experience, even for security professionals who understand it. It's no wonder it hasn't taken off.
Another possible tactic (Score:2)
Re: (Score:2)