Researchers Win $100,000 For New Spear-Phishing Detection Method

An anonymous reader writes: Facebook has awarded this year's Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks. The team created a detection system -- called DAS (Directed Anomaly Scoring) -- that identifies uncommon patterns in email communications. They trained DAS by having it analyze 370 million emails from a single large enterprise with thousands of employees, sent between March 2013 and January 2017.

"Out of 19 spearphishing attacks, our detector failed to detect 2 attacks," the research team said. "Our detector [also] achieved an average false positive rate of 0.004%," researchers added, pointing out that this is almost 200 times better than previous research.

Honorable mentions went to two other projects, one for using existing static analysis techniques to find a large number of vulnerabilities in Linux kernel drivers, and another for preventing specific classes of vulnerabilities in low-level code.
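The summary says only that DAS flags uncommon patterns. The scoring rule the team published, as I understand it, is non-parametric: each message gets a feature vector in which a lower value means "seen less often, so more suspicious", and a message's anomaly score is the number of other messages it is at least as suspicious as in every feature at once; the highest-scoring messages go to analysts under a fixed daily budget. The Python below is an added illustration of that rule, written for this page, not the Berkeley team's code. The three sender-history features and the six sample messages are constructed by me and are not from the paper's data.

```python
"""Directed anomaly scoring over a constructed set of email events.

Added illustration of the dominance-counting idea; not the DAS authors' code.
Feature names and sample values are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class EmailEvent:
    msg_id: str
    sender_days_seen: int       # assumed: prior days the exact From address sent mail
    domain_days_seen: int       # assumed: prior days the sender's domain was seen
    link_domain_days_seen: int  # assumed: prior days the linked domain appeared in org traffic


# Every feature is "directed": a smaller value is rarer, hence more suspicious.
FEATURES = ("sender_days_seen", "domain_days_seen", "link_domain_days_seen")


def at_least_as_suspicious(a: EmailEvent, b: EmailEvent) -> bool:
    """True when `a` is at least as suspicious as `b` in every directed feature."""
    return all(getattr(a, f) <= getattr(b, f) for f in FEATURES)


def das_scores(events: List[EmailEvent]) -> Dict[str, int]:
    """Score each event by how many *other* events it is at least as suspicious as.

    A message that is new in every dimension dominates everything and scores
    highest; a message that is only unusual in one dimension dominates few.
    No thresholds or per-feature weights are needed, which is the point of
    the directed-scoring approach.
    """
    scores: Dict[str, int] = {}
    for e in events:
        scores[e.msg_id] = sum(
            1 for other in events if other is not e and at_least_as_suspicious(e, other)
        )
    return scores


def rank_for_review(events: List[EmailEvent], budget: int) -> List[str]:
    """Return the msg_ids of the `budget` highest-scoring events.

    Ties are broken by msg_id so the ordering is deterministic.
    """
    scores = das_scores(events)
    ordered = sorted(events, key=lambda e: (-scores[e.msg_id], e.msg_id))
    return [e.msg_id for e in ordered[:budget]]


# Constructed sample: six messages from one day of mail.  Values are invented.
SAMPLE_EVENTS = [
    EmailEvent("m1", sender_days_seen=120, domain_days_seen=400, link_domain_days_seen=300),  # routine vendor mail
    EmailEvent("m2", sender_days_seen=0,   domain_days_seen=0,   link_domain_days_seen=0),    # never-seen sender, domain and link
    EmailEvent("m3", sender_days_seen=0,   domain_days_seen=400, link_domain_days_seen=300),  # new address at a known partner domain
    EmailEvent("m4", sender_days_seen=45,  domain_days_seen=400, link_domain_days_seen=0),    # known sender, never-seen link domain
    EmailEvent("m5", sender_days_seen=3,   domain_days_seen=2,   link_domain_days_seen=1),    # recently appeared everywhere
    EmailEvent("m6", sender_days_seen=200, domain_days_seen=500, link_domain_days_seen=0),    # old sender, never-seen link domain
]


if __name__ == "__main__":
    for msg_id, score in sorted(das_scores(SAMPLE_EVENTS).items(), key=lambda kv: -kv[1]):
        print(f"{msg_id}: score {score}")
    print("daily review budget of 2 ->", rank_for_review(SAMPLE_EVENTS, 2))
```

On this sample the all-new message m2 dominates every other message and scores 5; m4 (a familiar sender whose link domain has never been seen, the shape of a compromised-account phish) scores 2; the routine message m1 scores 0 and is never queued. Note that m5, which is "low" in every feature in absolute terms, scores only 1, because the score counts dominated messages rather than applying thresholds; whether that matches an analyst's intuition depends on the feature set, which is why the choice of directed features matters as much as the scoring.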

  • Researchers Win $100,000 For New Spear-Phishing Detection Method

    You fools! The fish can use this for defense in the upcoming Global Fish War.

    • That's why my daddy always used a quarter-stick of dynamite when fishing. The fishes won't know what hit them first.
  • Their sample was 370 million emails over the course of four years. With a false positive rate of 0.004%, that works out to about 10 messages per day for a company with "thousands of employees." Impressive.
    • by taustin ( 171655 )

      That's almost 1.5 million false positives, which works out to high hundreds or low thousands per employee.

      Versus 19 attacks, 2 of which slipped through.

      It is an accomplishment, but that's 1.5 million opportunities to ignore important, legitimate messages from business associates. One must make certain that one's employees are well trained in what this system actually can do.

      • by Anonymous Coward

        Rate of 0.004% on 370 million is 14,800... not 1,480,000.

        • Rate of 0.004% on 370 million is 14,800... not 1,480,000.

          The Windows Calculator was always dodgy with large numbers.

        • by guruevi ( 827432 )

          That's still 14,800 errors per 19 or simplified:
          1 out of 778 warnings is true.

          Having nothing is better than this, give me $100,000 for saying "educate your users" and you'll have a much better detection rate. The stats have to be reversed, you should only have ~1% erroneous warnings.

      • by guruevi ( 827432 )

        What actually happens is that people won't trust the 19 that it actually detects.

        Even if you ameliorate the statistics and say this is across 10,000 users which would be the best case, you're still talking about 1 positive warning for every ~10 negative warnings.
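The thread above disagrees about the arithmetic, so here it is worked through. The Python below is my own added example, not from the researchers or from any commenter; the message count, attack count, misses and false positive rate are the ones quoted in the summary, and the roughly 1,400-day span for March 2013 to January 2017 is my approximation. It turns the false positive *rate* into the counts an analyst would actually see, and then solves the inverse problem: what rate would be needed for a given share of alerts to be genuine.

```python
"""Base-rate arithmetic for the detector figures quoted in the summary.

Added worked example.  Counts are from the summary; DAYS is an assumption.
"""

MESSAGES = 370_000_000   # emails analysed (from the summary)
ATTACKS = 19             # spearphishing attacks in the data set
MISSED = 2               # attacks the detector failed to flag
FPR = 0.004 / 100        # 0.004% false positive rate, expressed as a fraction
DAYS = 1400              # assumed: March 2013 to January 2017 is roughly 1,400 days


def detector_metrics(messages=MESSAGES, attacks=ATTACKS, missed=MISSED, fpr=FPR, days=DAYS):
    """Convert a false-positive rate into the alert volume an analyst sees."""
    benign = messages - attacks
    true_positives = attacks - missed
    false_positives = round(benign * fpr)      # benign messages wrongly flagged
    alerts = true_positives + false_positives  # everything that lands in the queue
    return {
        "false_positives": false_positives,
        "alerts_per_day": alerts / days,
        "recall": true_positives / attacks,              # share of attacks caught
        "precision": true_positives / alerts,            # share of alerts that are real
        "benign_per_true_alert": false_positives / true_positives,
    }


def fpr_needed_for_precision(target_precision, messages=MESSAGES, attacks=ATTACKS, missed=MISSED):
    """Solve for the false positive rate at which `target_precision` of all
    alerts would be genuine, holding the detector's recall fixed."""
    benign = messages - attacks
    true_positives = attacks - missed
    allowed_fp = true_positives * (1 - target_precision) / target_precision
    return allowed_fp / benign


if __name__ == "__main__":
    for name, value in detector_metrics().items():
        print(f"{name}: {value:.6g}")
    print("FPR needed for 99% precision:", f"{fpr_needed_for_precision(0.99):.3g}")
```

With the summary's figures the detector raises about 14,800 false positives over the whole period, which is roughly ten and a half alerts a day, and about 0.11% of alerts are real attacks, or one genuine hit per ~870 benign messages flagged. Pushing precision to 99% without losing recall would need a false positive rate of roughly 5e-10, which is the base-rate problem in one number: with 19 attacks in 370 million messages, almost any per-message error rate is dominated by the benign volume, and the practical question becomes whether ten tickets a day is an acceptable triage load for a team that knows the expected hit rate.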

  • Yay Linux! (Score:4, Insightful)

    by Gravis Zero ( 934156 ) on Sunday August 20, 2017 @02:37PM (#55053107)

    The "honorable mention" found 158 critical zero-days in Linux kernel drivers (out of thousands of drivers). While it's horrible that they existed, it's fantastic that there is a tool that can find them really quickly! I hope it can be adapted to work on drivers for other kernels. :)

  • PGP

    by Hentes ( 2461350 ) on Sunday August 20, 2017 @02:40PM (#55053123)

    Seriously, it's been over two decades.

    • Re: PGP (Score:3, Insightful)

      by Anonymous Coward

      Yeah, it's been two decades and email encryption and signing is still a horrible user experience, even for security professionals who understand it. It's no wonder it hasn't taken off.

  • They could try telling people what to look out for instead of scaring them with arcane and meaningless terms such as "spear-phishing"
