* update 2024-01-14 06:16:28

yuriufo · Jan 13, 2024 · 0ef27d7 · 0ef27d7
1 parent 937b6b5
commit 0ef27d7
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/arXiv_db/Malware/2024.md b/arXiv_db/Malware/2024.md
@@ -66,3 +66,15 @@
 
 </details>
 
+<details>
+
+<summary>2024-01-10 22:25:44 - SENet: Visual Detection of Online Social Engineering Attack Campaigns</summary>
+
+- *Irfan Ozen, Karthika Subramani, Phani Vadrevu, Roberto Perdisci*
+
+- `2401.05569v1` - [abs](http://arxiv.org/abs/2401.05569v1) - [pdf](http://arxiv.org/pdf/2401.05569v1)
+
+> Social engineering (SE) aims at deceiving users into performing actions that may compromise their security and privacy. These threats exploit weaknesses in human's decision making processes by using tactics such as pretext, baiting, impersonation, etc. On the web, SE attacks include attack classes such as scareware, tech support scams, survey scams, sweepstakes, etc., which can result in sensitive data leaks, malware infections, and monetary loss. For instance, US consumers lose billions of dollars annually due to various SE attacks. Unfortunately, generic social engineering attacks remain understudied, compared to other important threats, such as software vulnerabilities and exploitation, network intrusions, malicious software, and phishing. The few existing technical studies that focus on social engineering are limited in scope and mostly focus on measurements rather than developing a generic defense. To fill this gap, we present SEShield, a framework for in-browser detection of social engineering attacks. SEShield consists of three main components: (i) a custom security crawler, called SECrawler, that is dedicated to scouting the web to collect examples of in-the-wild SE attacks; (ii) SENet, a deep learning-based image classifier trained on data collected by SECrawler that aims to detect the often glaring visual traits of SE attack pages; and (iii) SEGuard, a proof-of-concept extension that embeds SENet into the web browser and enables real-time SE attack detection. We perform an extensive evaluation of our system and show that SENet is able to detect new instances of SE attacks with a detection rate of up to 99.6% at 1% false positive, thus providing an effective first defense against SE attacks on the web.
+
+</details>
+