  • DocumentCode
    1867520
  • Title

    Semantic analysis of dialogs to detect social engineering attacks

  • Author

    Bhakta, Ram ; Harris, Ian G.

  • Author_Institution
    Dept. of Comput. Sci., Univ. of California Irvine, Irvine, CA, USA
  • fYear
    2015
  • fDate
    7-9 Feb. 2015
  • Firstpage
    424
  • Lastpage
    427
  • Abstract
    Cyberattackers often attack the weakest point of a system, which is increasingly the people who use and interact with a computer-based system. A great deal of research has been dedicated to protection of computer-based assets, but by exploiting human vulnerabilities, an attacker can circumvent many computer-based defenses. Phishing emails are a common form of social engineering attack, but the most effective attacks involve dialog between the attacker and the target. A robust approach to detecting a social engineering attack must be broadly applicable to a range of different attack vectors. We present an approach to detecting a social engineering attack which uses a pre-defined Topic Blacklist (TBL) to verify the discussion topics of each line of text generated by the potential attacker. If a line of text from the attacker involves a topic in the blacklist, an attack is detected and a warning message is generated. Our approach is generally applicable to any attack vector since it relies only on the dialog text. Our approach is robust in the presence of the incorrect grammar often used in casual English dialog. We have applied our approach to analyze the transcripts of several attack dialogs and we have achieved high detection accuracy and low false positive rates in our experiments.
  • Keywords
    computer crime; interactive systems; security of data; text analysis; TBL; attack vector; attack vectors; casual English dialog; computer-based asset protection; computer-based defenses; computer-based system; cyberattackers; dialog text; discussion topics; false positive rates; human vulnerabilities; incorrect grammar; phishing emails; semantic analysis; social engineering attack detection; text line; topic blacklist; transcript analysis; warning message generation; Abstracts; Legged locomotion; Protocols; Random access memory;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Semantic Computing (ICSC), 2015 IEEE International Conference on
  • Conference_Location
    Anaheim, CA
  • Type

    conf

  • DOI
    10.1109/ICOSC.2015.7050843
  • Filename
    7050843