Asaf Cidon

Monday, April 30, 2018 at 12 PM in 380 Soda Hall

Title: Fully Automated Online Spear Phishing Detection

Abstract: In recent years, spear phishing and email-borne social engineering have become one of the most costly security threats, causing over $9 billion in reported losses. Spear phishing emails take several forms: some ask the recipient to wire transfer money to the attacker’s account, others request W-2 forms, and some trick the recipient into following a link, which compromises their credentials or downloads malware to their device. Existing email security solutions are not effective in detecting spear phishing, because these attacks typically do not contain overtly malicious attachments or links, and are highly personalized. Prior research to prevent spear phishing requires manual work from security analysts and suffers from a high false positive rate. We present Sentinel, a security system that automatically detects and quarantines spear phishing attacks in real time in a production environment using supervised learning, without requiring any manual analysis or configuration. The main challenges in designing Sentinel are the need to categorize millions of emails in order to train its classifiers, and to properly train the classifiers when the occurrence of spear phishing emails is very rare. We discuss how Sentinel's design addresses these challenges. Sentinel utilizes the public APIs of cloud-based email systems both to automatically learn the historical communication patterns of each organization, and to quarantine emails in real time. Sentinel achieves false positive rates of less than one in a million emails, and precision of 89%, outperforming prior art by several orders of magnitude.

Bio: Asaf Cidon is the Vice President of Email Security at Barracuda Networks, where he co-leads the email security team. His team is focused on developing new technologies for combating email-borne social engineering attacks. Asaf completed his PhD at Stanford, where his research focused on how to provide reliability and performance guarantees in cloud storage systems, and was adopted by several companies, including Facebook, Tibco, and Chartbeat. During his PhD, he founded and served as the CEO of Sookasa, a cloud storage security startup, which was acquired by Barracuda Networks in 2016.
