Myeongsoo Kim

Myeongsoo Kim

Applied Scientist at AWS AI working on Amazon Q Developer. Building LLM-based AI agents for automated code generation and intelligent software development tools.

Catch me, Yes we can! - Pwning Social Engineers using Natural Language Processing Techniques in Real-Time

Published in Black Hat USA 2018 (White Paper), 2018

Social engineering attacks are one of the most common and least defended security threats today. This white paper presents an approach which analyzes attack content to detect inappropriate statements which are indicative of social engineering attacks.

Resources:

Key Contributions

The approach is novel compared to previous work because it focuses on natural language text contained in the attack, performing semantic analysis of the text to detect malicious intent. This makes the approach applicable to detect social engineering attacks using non-email attack vectors, including:

  • Texting applications
  • Chat applications
  • Phone/in-person attacks (converted to text using speech-to-text)

The system identifies sentences with malicious intent by detecting:

  • Questions whose answers are private
  • Commands to perform forbidden operations

The approach leverages question answering systems to determine privacy status of answers, and uses verb-object pairs to evaluate whether commands describe forbidden operations. The effectiveness was demonstrated using a large benchmark set of phishing emails.

BibTeX

@misc{kim2018catch,
  title={Catch me, yes we can!-pwning social engineers using natural language processing techniques in real-time},
  author={Kim, Myeongsoo and Song, Changheon and Kim, Hyeji and Park, Deahyun and Kwon, Yeeji and Namkung, Eun and Harris, Ian G and Carlsson, Marcel},
  year={2018},
  howpublished={Black Hat USA 2018 White Paper},
  url={https://www.blackhat.com/us-18/briefings/schedule/#catch-me-yes-we-can--pwning-social-engineers-using-natural-language-processing-techniques-in-real-time-9946}
}

Recommended citation: Myeongsoo Kim, Changheon Song, Hyeji Kim, Deahyun Park, Yeeji Kwon, Eun Namkung, Ian G Harris, Marcel Carlsson. (2018). "Catch me, Yes we can! - Pwning Social Engineers using Natural Language Processing Techniques in Real-Time." Black Hat USA 2018 White Paper.
Download Paper | Watch Video