PhD Thesis Defense: Techniques to Assist Users for Making Security Decisions
Monday, May 15, 2017 3pm

About this Event
Title: Techniques to Assist Users for Making Security Decisions
Speaker: Sevtap Duman, PhD Candidate, College of Computer and Information Science at Northeastern University
Location: Northeastern University, 805 Columbus Avenue, Interdisciplinary Science and Engineering (ISEC) Complex, 6th Floor, Room #632, Boston, Massachusetts 02120
Abstract
Attackers hide their intentions behind imitations of legitimate systems, and prominent attacks target end-users' systems. We examined two well-known instances of such attacks. The first is the widespread use of trick banners, which use social engineering techniques to lure victims into clicking deceptive fake links that may lead to a malicious domain or to malware. The second is e-mail attacks, such as spearphishing and malicious e-mail attachments. By impersonating trusted e-mail senders through carefully crafted messages and spoofed metadata, adversaries can trick victims into launching attachments containing malicious code or into clicking malicious links that grant attackers a foothold in otherwise well-protected networks. Unfortunately, current mitigations are unreliable, relying on fallible malware detection techniques or on user education.
Our hypothesis is that online systems can be designed with optimized settings that help users make security decisions efficiently. In this dissertation, we therefore propose three new approaches that help end-users make security decisions:
1) This dissertation shows how to distinguish trick banners from legitimate download links. We present a set of features that characterize trick banners by their visual properties: image size, color, placement on the enclosing webpage, whether they contain animation effects, and whether they appear with the same visual properties on consecutive loads of the same webpage. We implemented a tool called TrueClick, which uses image processing and machine learning techniques to build a classifier on these five features and detect trick banners on a webpage automatically.
2) This dissertation shows how to distinguish a legitimate e-mail sender from a spearphishing attack. We present a novel automated approach to defend users against spearphishing. The approach first builds probabilistic models of both e-mail metadata and stylometric features of e-mail content; subsequent e-mails are then compared against these models to detect characteristic indicators of spearphishing attacks.
3) This dissertation helps the end-user make an informed decision about whether or not an e-mail attachment is malicious. We propose adopting a default policy of isolated attachment rendering: e-mails bearing attachments are transparently rewritten to contain static renderings of the attachments, produced within a sandboxed virtual machine environment.
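To make approach 2) concrete, the following is an added example, not code from the dissertation or from SecLab: a minimal per-sender profile built from a known sender's past e-mails, combining categorical header metadata (sending domain, Reply-To consistency, mail client, timezone offset of the Date header) with a few numeric stylometric measurements of the body, then scoring a new e-mail that claims to come from that sender. The feature set, the Laplace-smoothed value probabilities, the z-score rule and all messages are assumptions constructed for the example; the thesis's actual models and features are not reproduced here.

```python
"""Per-sender profiling of e-mail metadata and writing style (added example,
not the dissertation's code). All messages are constructed for this example."""
import math
import re
import statistics
from collections import Counter, defaultdict
from email import message_from_string, policy
from email.utils import parseaddr

# A small, assumed list of function words used as a style signal.
FUNCTION_WORDS = {"the", "a", "an", "and", "of", "to", "in", "is", "it", "that",
                  "for", "on", "with", "as", "at", "by", "this", "be", "i", "you"}

def body_text(msg):
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def metadata_features(msg):
    """Categorical header properties an impersonator tends to get wrong."""
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    date = msg["Date"]
    tz = date.datetime.strftime("%z") if date is not None and date.datetime else "<none>"
    return {
        "from_domain": sender.rsplit("@", 1)[-1],
        "reply_to_matches": str(not reply_to or reply_to == sender),
        "mailer": str(msg.get("X-Mailer", "<none>")),
        "tz_offset": tz,
    }

def stylometric_features(text):
    """Numeric writing-style measurements of the message body."""
    words = re.findall(r"[A-Za-z']+", text.lower())
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    n_words, n_sent = max(len(words), 1), max(len(sentences), 1)
    return {
        "avg_word_len": sum(len(w) for w in words) / n_words,
        "avg_sentence_len": n_words / n_sent,
        "function_word_ratio": sum(w in FUNCTION_WORDS for w in words) / n_words,
        "exclamation_ratio": text.count("!") / n_sent,
    }

class SenderProfile:
    def __init__(self):
        self.seen = defaultdict(Counter)   # categorical feature -> value counts
        self.samples = defaultdict(list)   # numeric feature -> observed values
        self.n = 0

    def add(self, raw):
        msg = message_from_string(raw, policy=policy.default)
        for k, v in metadata_features(msg).items():
            self.seen[k][v] += 1
        for k, v in stylometric_features(body_text(msg)).items():
            self.samples[k].append(v)
        self.n += 1

    def analyze(self, raw, z_threshold=3.0):
        msg = message_from_string(raw, policy=policy.default)
        surprise, meta_anoms, style_anoms = {}, [], []
        for k, v in metadata_features(msg).items():
            # Laplace-smoothed probability of this header value for this sender;
            # a value never seen before is reported as a metadata anomaly.
            p = (self.seen[k][v] + 1) / (self.n + len(self.seen[k]) + 1)
            surprise[k] = -math.log(p)
            if self.seen[k][v] == 0:
                meta_anoms.append(k)
        for k, v in stylometric_features(body_text(msg)).items():
            obs = self.samples[k]
            mu = statistics.mean(obs)
            # Floor the spread so a handful of near-identical training samples
            # does not turn every small deviation into an extreme z-score.
            sd = max(statistics.pstdev(obs), 0.25 * abs(mu), 0.05)
            surprise[k] = abs(v - mu) / sd
            if surprise[k] > z_threshold:
                style_anoms.append(k)
        return {"metadata_anomalies": meta_anoms,
                "style_anomalies": style_anoms, "surprise": surprise}

def build_profile(raws):
    profile = SenderProfile()
    for raw in raws:
        profile.add(raw)
    return profile

# Constructed history from one sender: same client, same timezone, no Reply-To.
HISTORY = [
"""From: Alice Example <alice@example.com>
Date: Mon, 06 Mar 2017 09:12:00 -0500
X-Mailer: Thunderbird 45.7.1

Hi Bob, I attached the draft of the quarterly report for the review meeting. Let me know if the numbers in the second table look right to you. Thanks, Alice
""",
"""From: Alice Example <alice@example.com>
Date: Wed, 08 Mar 2017 14:40:00 -0500
X-Mailer: Thunderbird 45.7.1

Bob, the client moved our call to Thursday afternoon. I will send the updated agenda once I have spoken with the finance team. Alice
""",
"""From: Alice Example <alice@example.com>
Date: Fri, 10 Mar 2017 11:05:00 -0500
X-Mailer: Thunderbird 45.7.1

Hi Bob, thanks for the comments on the report. I have folded them into the new version and attached it here. We can go over the remaining questions on Friday. Alice
""",
]
# Constructed new mail in the sender's usual style and a constructed spearphish
# that spoofs the From address but leaks a foreign Reply-To, client and timezone.
LEGIT_NEW = """From: Alice Example <alice@example.com>
Date: Mon, 13 Mar 2017 10:22:00 -0500
X-Mailer: Thunderbird 45.7.1

Hi Bob, the revised budget is attached. I kept the travel line as we discussed on the call. Let me know if anything else is needed before Monday. Alice
"""
SPEARPHISH = """From: Alice Example <alice@example.com>
Reply-To: alice.example@webmail-example.net
Date: Tue, 14 Mar 2017 16:03:00 +0300

Bob! I need you to handle an urgent wire transfer right now! I am in a meeting and cannot take calls, so just reply to this email with the confirmation! Do it before noon!
"""

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for label, raw in (("legit", LEGIT_NEW), ("spearphish", SPEARPHISH)):
        print(label, profile.analyze(raw))
```

With only three training messages the style side is deliberately coarse: the exclamation ratio is the only stylometric feature that crosses the z-score threshold here, while the three unseen header values (a mismatching Reply-To, an absent mail client, a new timezone) carry most of the signal. A real deployment would need far more history per sender and a calibrated combination of the two surprise scores rather than the fixed threshold used above.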
About the Speaker
Sevtap Duman is a PhD Candidate in the Information Assurance program at Northeastern University’s College of Computer and Information Science, advised by Professor Engin Kirda. Before joining the PhD program, Sevtap earned her bachelor’s degree in Computer Engineering from Gazi University and her master’s degree in Computer Engineering from Boston University.
She is a Research Assistant and member of the Systems Security Laboratory (SecLab) Group at Northeastern University, and she is interested in researching the constant threats to web security through the cybercriminal’s eyes.
Committee
Professor Engin Kirda, Interdisciplinary Professor, College of Computer and Information Science and College of Engineering at Northeastern University (Advisor)
Professor William Robertson, Interdisciplinary Assistant Professor, College of Computer and Information Science and College of Engineering at Northeastern University (Advisor)
Professor Alina Oprea, Associate Professor, College of Computer and Information Science at Northeastern University
Professor Manuel Egele, Assistant Professor, Department of Electrical and Computer Engineering at Boston University