Draining the Water Hole: Mitigating Social Engineering Attacks with CyberTWEAK
This paper addresses social engineering threats to organizations and online users. The modelling approach is novel; the implementation is an incremental, proof-of-concept step in the form of a browser extension.
The paper tackles the problem of mitigating social engineering attacks, specifically watering hole attacks, by introducing a game-theoretic deception model and the CyberTWEAK algorithm, which computes the defender's protection policy. A publicly available browser extension demonstrates practical use.
Cyber adversaries have increasingly leveraged social engineering attacks to breach large organizations and threaten the well-being of today's online users. One clever technique, the "watering hole" attack, compromises a legitimate website that the targets are known to visit and executes drive-by download attacks by redirecting visitors to another, malicious domain. We introduce a game-theoretic model that captures the salient aspects of an organization protecting itself from a watering hole attack by altering the environment information in its web traffic (the browser and platform details that requests and scripts expose to a web server) so as to deceive the attackers. Our main contributions are (1) a novel Social Engineering Deception (SED) game model that features a continuous action set for the attacker, (2) an in-depth analysis of the SED model to identify computationally feasible real-world cases, and (3) the CyberTWEAK algorithm, which solves for the optimal protection policy. To illustrate the potential use of our framework, we built a browser extension based on our algorithms, which is now publicly available online. The CyberTWEAK extension will be vital to the continued development and deployment of countermeasures for social engineering.
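To make the deception trade-off concrete, the following Python simulation is an added illustration; it is not code from the paper or from the CyberTWEAK extension, and it does not implement the SED model. It assumes a deliberately simplified two-profile game: an organization's browsers are either exploitable or not, the defender falsifies what each visitor reports (hiding an exploitable browser behind a safe profile, or presenting a safe browser as an exploitable decoy) at a per-visitor cost, and the attacker, after observing the reported profile, picks a continuous attack intensity in [0, 1] against a quadratic exposure cost. The attacker's best response is closed-form under these assumptions, and the defender's optimal policy is found by plain grid search rather than by CyberTWEAK. All parameter values are constructed for the example.

```python
"""Simplified leader-follower (Stackelberg) deception game for a watering hole defender.

Assumed model (not the paper's SED model): the defender commits to a policy
(q_hide, q_decoy); the attacker observes only the reported profile and then
chooses an attack intensity p in [0, 1] for visitors reporting that profile.
"""
from dataclasses import dataclass
import itertools


@dataclass(frozen=True)
class Params:
    vuln_share: float      # fraction of the organisation's browsers that are truly exploitable
    gain: float            # attacker's value of one successful drive-by compromise
    exposure: float        # coefficient of the attacker's quadratic cost for attack intensity
    deception_cost: float  # defender's cost per visitor whose reported profile is falsified


def posterior(params, q_hide, q_decoy):
    """Return {reported_profile: (P(reported), P(truly exploitable | reported))}.

    q_hide:  probability an exploitable browser reports the 'safe' profile.
    q_decoy: probability a safe browser reports the 'vuln' profile (a decoy).
    """
    v = params.vuln_share
    p_rep_vuln = v * (1 - q_hide) + (1 - v) * q_decoy
    p_rep_safe = 1.0 - p_rep_vuln
    post_vuln = (v * (1 - q_hide) / p_rep_vuln) if p_rep_vuln > 0 else 0.0
    post_safe = (v * q_hide / p_rep_safe) if p_rep_safe > 0 else 0.0
    return {"vuln": (p_rep_vuln, post_vuln), "safe": (p_rep_safe, post_safe)}


def attacker_best_response(params, p_vuln_given_reported):
    """Attacker maximises p*gain*P(vuln|reported) - exposure*p^2 over p in [0, 1].

    The objective is concave in p, so the unconstrained optimum
    gain*P(vuln|reported) / (2*exposure) is clamped to the interval.
    """
    p = params.gain * p_vuln_given_reported / (2.0 * params.exposure)
    return max(0.0, min(1.0, p))


def defender_loss(params, q_hide, q_decoy):
    """Expected compromises under the attacker's best response, plus deception cost."""
    compromises = 0.0
    for _reported, (p_rep, p_vuln) in posterior(params, q_hide, q_decoy).items():
        compromises += p_rep * attacker_best_response(params, p_vuln) * p_vuln
    v = params.vuln_share
    falsified = v * q_hide + (1 - v) * q_decoy  # share of visitors whose profile is altered
    return compromises + params.deception_cost * falsified


def solve(params, steps=20):
    """Grid search for the defender policy minimising defender_loss.

    Returns (loss, q_hide, q_decoy). A real solver would exploit structure;
    grid search is used here only to keep the example self-contained.
    """
    grid = [i / steps for i in range(steps + 1)]
    best = None
    for q_hide, q_decoy in itertools.product(grid, grid):
        loss = defender_loss(params, q_hide, q_decoy)
        if best is None or loss < best[0] - 1e-12:
            best = (loss, q_hide, q_decoy)
    return best


if __name__ == "__main__":
    # Constructed parameters: 30% of browsers exploitable, cheap deception.
    P = Params(vuln_share=0.3, gain=1.0, exposure=0.5, deception_cost=0.1)
    print("no deception loss:", defender_loss(P, 0.0, 0.0))
    print("optimal policy (loss, q_hide, q_decoy):", solve(P))
```

With these constructed numbers the honest baseline lets the attacker hit every exploitable visitor (loss 0.30), while fully hiding exploitable browsers behind the safe profile leaves the attacker with only the prior belief and cuts the loss to 0.12. Raising `deception_cost` or lowering `exposure` shifts the optimum; the point a practitioner should take from the model is that the defender's leverage comes from making the reported profile uninformative, not from any particular fake value.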