
To Get Lost is to Learn the Way: Automatically Collecting Multi-step Social Engineering Attacks on the Web

Authors:

Takashi Koide,

Daiki Chiba,

Mitsuaki Akiyama

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

Pages 394 - 408

https://doi.org/10.1145/3320269.3384714

Published: 05 October 2020


Abstract

By exploiting people's psychological vulnerabilities, modern web-based social engineering (SE) attacks manipulate victims into downloading malware and exposing personal information. To lure users effectively, some SE attacks consist of a sequence of web pages that starts from a landing page and requires browser interactions at each page; we call these multi-step SE attacks. In addition, different browser interactions on the same web page often branch into multiple sequences that redirect users to different SE attacks. Existing systems typically analyze only landing pages or perform browser interactions limited to a specific attack, and little effort has been made to follow such sequences of web pages to collect multi-step SE attacks.

We propose StraySheep, a system that automatically crawls a sequence of web pages and detects diverse multi-step SE attacks. We evaluate the effectiveness of StraySheep's three modules (landing-page-collection, web-crawling, and SE-detection) in terms of the rate of collected landing pages leading to SE attacks, the efficiency of web crawling in reaching more SE attacks, and the accuracy of attack detection. Our experimental results indicate that StraySheep can lead to 20% more SE attacks than Alexa top sites and search results for trending words, crawl five times more efficiently than a simple crawling module, and detect SE attacks with 95.5% accuracy. We demonstrate that StraySheep can collect various SE attacks and is not limited to a specific attack. We also clarify the techniques attackers use to trick users and the browser interactions that redirect users to attacks.
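
The branching structure described in the abstract, where each browser interaction on a page may open a different sequence of pages, can be illustrated with a small breadth-first traversal. The following is only a sketch under stated assumptions and is not StraySheep's implementation: the in-memory `TOY_WEB` graph, the page and interaction names, the `SE_PAGES` set, and the `crawl_sequences` function are all hypothetical stand-ins for a real browser-driven crawler and detector.

```python
from collections import deque

# Hypothetical toy "web": page -> {browser interaction: resulting page}.
# A real crawler would drive a browser instead of reading a dict.
TOY_WEB = {
    "landing": {"click_play": "fake_player", "click_download": "survey"},
    "fake_player": {"click_update": "malware_download"},
    "survey": {"submit_form": "phishing_form"},
    "malware_download": {},
    "phishing_form": {},
}

# Hypothetical labels standing in for an SE-detection step.
SE_PAGES = {"malware_download", "phishing_form"}


def crawl_sequences(web, landing, is_se_page, max_depth=3):
    """Follow every interaction branch from a landing page, breadth first.

    Returns a list of (page, interactions) pairs, one for each page
    flagged by is_se_page, where interactions is the sequence of
    browser interactions that led there from the landing page.
    """
    found = []
    queue = deque([(landing, [])])
    while queue:
        page, path = queue.popleft()
        if is_se_page(page):
            found.append((page, path))
            continue  # stop following this branch once an attack is reached
        if len(path) >= max_depth:
            continue  # the depth limit also bounds cyclic redirects
        for interaction, next_page in web.get(page, {}).items():
            queue.append((next_page, path + [interaction]))
    return found


if __name__ == "__main__":
    for page, path in crawl_sequences(TOY_WEB, "landing", SE_PAGES.__contains__):
        print(page, "<-", " > ".join(path))
```

In this toy graph, one landing page branches into two distinct two-step sequences, which is the situation a landing-page-only analysis would miss.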

Supplementary Material

MP4 File (3320269.3384714.mp4)

