In AAAI Conference on Artificial Intelligence. 2016.
This is the author's version of the work.
Abstract
Highly targeted spear phishing attacks are increasingly
common, and have been implicated in many major security
breaches. Email filtering systems are the first line of defense
against such attacks. These filters are typically configured
with uniform thresholds for deciding whether or not to allow
a message to be delivered to a user. However, users differ
significantly in both their susceptibility to phishing attacks
and their access to critical information and credentials
that can cause damage. Recent work has
considered setting personalized thresholds for individual
users based on a Stackelberg game model. We consider
two important extensions of the previous model. First, in
our model user values can be substitutable, modeling cases
where multiple users provide access to the same information
or credential. Second, we consider attackers who make
sequential attack plans based on the outcome of previous
attacks. Our analysis starts from scenarios where there
is only one credential and then extends to more general
scenarios with multiple credentials. For single-credential
scenarios, we demonstrate that the optimal defense strategy
can be found by solving a binary combinatorial optimization
problem called PEDS. For multiple-credential scenarios, we
formulate the search for the optimal defense strategy as a
bilevel optimization problem and then reduce it to a single-level
optimization problem called PEMS using complementary
slackness conditions. Experimental results show that both
PEDS and PEMS lead to significantly higher defender utilities
than two existing benchmarks in different parameter settings.
Also, both PEDS and PEMS are more robust than the
existing benchmarks when uncertainties are considered.