Researchers Win $100,000 For New Spear-Phishing Detection Method

An anonymous reader writes: Facebook has awarded this year's Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks. The team created a detection system -- called DAS (Directed Anomaly Scoring) -- that identifies uncommon patterns in emails communications. They trained DAS by having it analyze 370 million emails from one single large enterprise with thousands of employees, sent between March 2013 and January 2017.

"Out of 19 spearphishing attacks, our detector failed to detect 2 attacks," the research team said. "Our detector [also] achieved an average false positive rate of 0.004%," researchers added, pointing out that this is almost 200 times better than previous research.

Honorable mentions went two other projects, one for using existing static analysis techniques to find a large number of vulnerabilities in Linux kernel drivers, and another for preventing specific classes of vulnerabilities in low-level code.

Yay Linux!

[Gravis+Zero]

The "honorable mention" found 158 critical zero-day in Linux kernel drivers (out of thousands of drivers). While it's horrible that they existed, it's fantastic that there is a tool that can find them really quickly! I hope it can be adapted to work on drivers for other kernels. :)

Re: PGP

Yeah, it's been two decades and email encryption and signing is still a horrible user experience, even for security professionals who understand it. It's no wonder it hasn't taken off.