Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Win $100,000 For New Spear-Phishing Detection Method (bleepingcomputer.com)

Posted by EditorDavid on from the artisanal-phishing dept.

An anonymous reader writes: Facebook has awarded this year's Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks. The team created a detection system -- called DAS (Directed Anomaly Scoring) -- that identifies uncommon patterns in emails communications. They trained DAS by having it analyze 370 million emails from one single large enterprise with thousands of employees, sent between March 2013 and January 2017.

"Out of 19 spearphishing attacks, our detector failed to detect 2 attacks," the research team said. "Our detector [also] achieved an average false positive rate of 0.004%," researchers added, pointing out that this is almost 200 times better than previous research.

Honorable mentions went two other projects, one for using existing static analysis techniques to find a large number of vulnerabilities in Linux kernel drivers, and another for preventing specific classes of vulnerabilities in low-level code.

13 of 28 comments (clear)

  1. Fools by fahrbot-bot · · Score: 1

    Researchers Win $100,000 For New Spear-Phishing Detection Method

    You fools! The fish can use this for defense in the upcoming Global Fish War.

    --
    It must have been something you assimilated. . . .
    1. Re:Fools by __aaclcg7560 · · Score: 1

      That's why my daddy always used a quarter-stick of dynamite when fishing. The fishes won't know what hit them first.

  2. Manageable number of false positives by cmseagle · · Score: 1

    Their sample was 370 million emails over the course of four years. With a false positive rate of 0.004%, that works out to about 10 messages per day for a company with "thousands of employees." Impressive.

    1. Re:Manageable number of false positives by Anonymous Coward · · Score: 1

      Rate of 0.004% on 370 million is 14,800... not 1,480,000.

    2. Re:Manageable number of false positives by __aaclcg7560 · · Score: 1

      Rate of 0.004% on 370 million is 14,800... not 1,480,000.

      The Windows Calculator was always dodgy with large numbers.

    3. Re:Manageable number of false positives by guruevi · · Score: 1

      What actually happens is that people won't trust the 19 that it actually detects.

      Even if you ameliorate the statistics and say this is across 10,000 users which would be the best case, you're still talking about 1 positive warning for every ~10 negative warnings.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    4. Re:Manageable number of false positives by guruevi · · Score: 1

      That's still 14,800 errors per 19 or simplified:
      1 out of 778 warnings is true.

      Having nothing is better than this, give me $100,000 for saying "educate your users" and you'll have a much better detection rate. The stats have to be reversed, you should only have ~1% erroneous warnings.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  3. Re: Should be 100% detection by __aaclcg7560 · · Score: 3, Funny

    You can easiy get 100% avoidance by just not using email and otherwise communicating with anybody.

    The prime contractor for the government project that I work on implemented an aggressive phishing campaign by their security consultants. Click on phishing email, take more training. Click on too many phishing emails, get written up. My coworkers and I stopped reading emails from the prime contractor, which was mostly password reset and IT notifications. Upper management is confused as to why so many project managers are relaying information in the weekly staff meetings instead of email. Maybe they should ask their security consultants.

  4. Yay Linux! by Gravis+Zero · · Score: 3, Insightful

    The "honorable mention" found 158 critical zero-day in Linux kernel drivers (out of thousands of drivers). While it's horrible that they existed, it's fantastic that there is a tool that can find them really quickly! I hope it can be adapted to work on drivers for other kernels. :)

    --
    Anons need not reply. Questions end with a question mark.
  5. PGP by Hentes · · Score: 2

    Seriously, it's been over two decades.

    1. Re: PGP by Anonymous Coward · · Score: 3, Insightful

      Yeah, it's been two decades and email encryption and signing is still a horrible user experience, even for security professionals who understand it. It's no wonder it hasn't taken off.

  6. Another possible tactic by Bohnanza · · Score: 1

    They could try telling people what to look out for instead of scaring them with arcane and meaningless terms such as "spear-phishing"

    --

    -----

    Sorry, I'm only a 1336 h4x0r.

    1. Re:Another possible tactic by jbmartin6 · · Score: 1

      I like to use the word "scam" instead which people already understand.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.