Slashdot Mirror


Researchers Win $100,000 For New Spear-Phishing Detection Method (bleepingcomputer.com)

An anonymous reader writes: Facebook has awarded this year's Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks. The team created a detection system -- called DAS (Directed Anomaly Scoring) -- that identifies uncommon patterns in email communications. They trained DAS by having it analyze 370 million emails from a single large enterprise with thousands of employees, sent between March 2013 and January 2017.

"Out of 19 spearphishing attacks, our detector failed to detect 2 attacks," the research team said. "Our detector [also] achieved an average false positive rate of 0.004%," researchers added, pointing out that this is almost 200 times better than previous research.
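The summary does not describe how DAS actually ranks events, so the following is an added illustration, not the Berkeley team's code or the data from their study. It implements the directed-anomaly idea the paper is named for: each event is scored by counting how many other events it is at least as suspicious as in every feature dimension at once, and only the top few events within an analyst's alert budget are surfaced. The event records, the four reputation features (how well the sender and the clicked link's domain were known before the click), and the alert budget are all constructed here for the example.

```python
"""Directed Anomaly Scoring (DAS) over constructed email-click events.

Added example: each feature is oriented so that a LOWER value means MORE
suspicious (a sender never seen before, a domain never visited before).
An event's DAS score is the number of OTHER events it is at least as
suspicious as in every dimension simultaneously. Because scoring is a
partial order rather than a weighted sum, no hand-tuned weights are
needed and an event that is unusual in only one dimension (a known
colleague linking to a new domain) does not outrank one that is unusual
in all of them.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ClickEvent:
    ident: str
    sender_prior_emails: int   # emails previously received from this sender
    sender_days_known: int     # days since this sender was first seen
    domain_prior_visits: int   # prior enterprise visits to the link's domain
    domain_days_known: int     # days since that domain was first visited

    def features(self) -> Tuple[int, int, int, int]:
        return (self.sender_prior_emails, self.sender_days_known,
                self.domain_prior_visits, self.domain_days_known)


def at_least_as_suspicious(a: ClickEvent, b: ClickEvent) -> bool:
    """True if `a` is at least as suspicious as `b` in EVERY dimension,
    i.e. componentwise <= because lower values mean more suspicious."""
    return all(x <= y for x, y in zip(a.features(), b.features()))


def das_scores(events: List[ClickEvent]) -> Dict[str, int]:
    """Score each event by how many other events it dominates."""
    return {
        e.ident: sum(1 for other in events
                     if other is not e and at_least_as_suspicious(e, other))
        for e in events
    }


def alerts(events: List[ClickEvent], budget: int) -> List[str]:
    """Return the `budget` highest-scoring event ids (ties broken by id).

    The budget is what turns a ranking into a false-positive rate: an
    analyst team that can triage N alerts per day sets budget=N and
    everything below the cut-off is never shown.
    """
    scored = das_scores(events)
    ranked = sorted(scored.items(), key=lambda kv: (-kv[1], kv[0]))
    return [ident for ident, _ in ranked[:budget]]


# Constructed sample of one day's link clicks (not real data).
SAMPLE: List[ClickEvent] = [
    ClickEvent("newsletter",           540, 400, 2000, 400),
    ClickEvent("payroll-portal",       120, 300,  900, 300),
    ClickEvent("vendor-invoice",         3,  40,   25,  60),
    ClickEvent("partner-first-contact",  0,   0,  150, 200),  # new sender, known domain
    ClickEvent("colleague-new-domain",  80, 250,    0,   0),  # known sender, new domain
    ClickEvent("spearphish",             0,   0,    0,   0),  # new sender AND new domain
]


if __name__ == "__main__":
    for ident, score in sorted(das_scores(SAMPLE).items(),
                               key=lambda kv: -kv[1]):
        print(f"{score:2d}  {ident}")
    print("alert budget 1 ->", alerts(SAMPLE, 1))
```

With the constructed sample, `spearphish` dominates every other event and scores 5, the two single-dimension anomalies and the young vendor each score 2, and the routine newsletter scores 0; with a budget of one alert per day only the spearphish is shown. For scale, 0.004% of the 370 million emails quoted above is roughly 15,000 false positives across the nearly four-year window, on the order of ten per working day, which is a volume a security team can actually triage.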

Honorable mentions went to two other projects, one for using existing static analysis techniques to find a large number of vulnerabilities in Linux kernel drivers, and another for preventing specific classes of vulnerabilities in low-level code.

4 of 28 comments

  1. Re: Should be 100% detection by __aaclcg7560 · · Score: 3, Funny

    You can easily get 100% avoidance by just not using email and otherwise communicating with anybody.

    The prime contractor for the government project that I work on implemented an aggressive phishing campaign by their security consultants. Click on phishing email, take more training. Click on too many phishing emails, get written up. My coworkers and I stopped reading emails from the prime contractor, which was mostly password reset and IT notifications. Upper management is confused as to why so many project managers are relaying information in the weekly staff meetings instead of email. Maybe they should ask their security consultants.

  2. Yay Linux! by Gravis+Zero · · Score: 3, Insightful

    The "honorable mention" found 158 critical zero-days in Linux kernel drivers (out of thousands of drivers). While it's horrible that they existed, it's fantastic that there is a tool that can find them really quickly! I hope it can be adapted to work on drivers for other kernels. :)

    --
    Anons need not reply. Questions end with a question mark.

  3. PGP by Hentes · · Score: 2

    Seriously, it's been over two decades.

    1. Re: PGP by Anonymous Coward · · Score: 3, Insightful

      Yeah, it's been two decades and email encryption and signing is still a horrible user experience, even for security professionals who understand it. It's no wonder it hasn't taken off.