Data-Driven Social-Engineering Based Approach for All-Media Phishing Detection

Mohammad Ali

Document Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Science and Info Sys

Date of Award

8-14-2024

Abstract

In today’s world, social engineering is one of the most challenging problems in cybersecurity. According to reports, 82% of successful data breaches in 2021 were caused by social engineering attacks. Using social engineering principles, threat actors manipulate people into breaking security controls and gaining access to an organization’s network and assets. Most recently, social engineering attacks have become more complicated and have evolved to target victims through multiple media channels: email, voice, SMS, social media, etc. In this work, we investigate how adopting a social engineering framework can improve 1) detection and 2) education. We propose a social-engineering framework that identifies social-engineering principles used in phishing attempts across different media communication media types (email, text, robocalls, etc.), and we leverage LLM models to label curated datasets, then we develop multi-classification models on the generated dataset. This work forms the basis of future tools that can provide users with real-time analysis of received media communication by highlighting social-engineering elements used in communication. Ultimately, this will enable users to build expertise in identifying and responding responsibly to phishing attempts, avoiding falling victim to yet another attack. The primary contributions of this study can be summarized as follows: v 1. Building a framework that provides a comprehensive structure for understanding and analyzing social engineering attacks. 2. Creating a labeled dataset specifically tailored toward social engineering attacks studies. 3. Creating detection models using machine learning techniques, and testing those models using our own curated and labeled social engineering datasets. Keywords: Social Engineering, Phishing, LLM, Cybersecurity, Framework.

Advisor

Abdullah Arsalan

Subject Categories

Computer Sciences | Physical Sciences and Mathematics

Link to Full Text

Share

COinS