Detecting Asks in SE attacks: Impact of Linguistic and Structural Knowledge
This work addresses the problem of social engineering attacks for users, providing a system to inform about risks, but it is incremental as it builds on existing NLP and computational sociolinguistics methods.
The paper tackled the problem of detecting social engineering attacks by identifying manipulative requests (asks) and their framing, using linguistic resources and structural clues like links to improve detection performance.
Social engineers attempt to manipulate users into undertaking actions such as downloading malware by clicking links or providing access to money or sensitive information. Natural language processing, computational sociolinguistics, and media-specific structural clues provide a means for detecting both the ask (e.g., buy gift card) and the risk/reward implied by the ask, which we call framing (e.g., lose your job, get a raise). We apply linguistic resources such as Lexical Conceptual Structure to tackle ask detection and also leverage structural clues such as links and their proximity to identified asks to improve confidence in our results. Our experiments indicate that the performance of ask detection, framing detection, and identification of the top ask is improved by linguistically motivated classes coupled with structural clues such as links. Our approach is implemented in a system that informs users about social engineering risk situations.