Abstract
Cyber adversaries have increasingly leveraged social engineering attacks to breach large organizations and threaten the well-being of today’s online users. One clever technique, the ``watering hole’’ attack, compromises a legitimate website to execute drive-by download attacks by redirecting users to another malicious domain. We introduce a game-theoretic model that captures the salient aspects for an organization protecting itself from a watering hole attack by altering the environment information in web traffic so as to deceive the attackers. Our main contributions are (1) a novel Social Engineering Deception (SED) game model that features a continuous action set for the attacker, (2) an in-depth analysis of the SED model to identify computationally feasible real-world cases, and (3) an iterative algorithm which solves for the optimal protection policy using (i) a characterization of websites that may be compromised, (ii) an LP-relaxation with optimality condition, and (iii) the column generation method. A Chrome extension is being built to field our algorithms in the real world.
Abstract (translated by Google)
URL
http://arxiv.org/abs/1901.00586