Researchers at the University of California, Berkeley and collaborators have proposed DAS, a method for detecting credential spear-phishing attacks.
The team used a dataset of about 370 million emails from Lawrence Berkeley National Laboratory to analyze an attack's stages, then devised DAS to identify anomalies, uncovering 19 known spear-phishing campaigns in the dataset.
The researchers deconstructed the taxonomy of credential spear-phishing, demonstrating that enterprises can develop their own form of reputation monitoring from enterprise traffic monitoring.
"Our detector can detect real-world attacks, including those from a previously unseen attacker, with a budget of 10 alerts per day," the researchers say.
On a random sample of 100 days, DAS generated between zero and 19 alerts per day, averaging seven alerts per day.
"Our detector's ability to identify both known and novel attacks, and the low volume and burden of alerts it imposes, suggests that our approach provides a practical path towards detecting credential spear-phishing attacks," the team says.
From Security Week
Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA