Online attacks can cause not only temporary asset loss, but long-term psychological or emotional harm to victims as well. The richness and large scale of online communication data open up new opportunities for detecting online attacks. However, attackers are motivated to constantly adapt their behaviors to changes in security operations to evade detection. Deception underlies most attacks in online communication, and people are poor at detecting deception. Against this backdrop, this project aims to improve the resilience of solutions to online attacks and enable predictive methods for their detection. Although a complete set of deception behaviors of online attackers is assumed to be unknown, there is reason to expect that some behaviors are more difficult for attackers to control than others. By identifying such behaviors and their relations in online communication, the project lays the groundwork for the development of resilient and predictive approaches to the detection of online attacks, and advances the state of knowledge on online deception behavior and its identification. On the educational front, the project provides new educational material for enriching the curriculum in cyber security and related disciplines. The interdisciplinary nature of this work contributes to graduate student training toward a new generation of scientists who are capable of conducting multi-disciplinary cutting-edge research using a variety of research methods. The PIs actively engage students at both graduate and undergraduate levels in their research activities, particularly making a strong effort to engage women and underrepresented minorities.
Online attackers' evolving behaviors can quickly render existing solutions to online attacks ineffective. This project not only discovers new deception behaviors and their relations from the discourse and structure of online communication, but also determines attackers' behavioral control during online attacks by comparing different types of online deception behavior. Further, this project develops techniques for automatic extraction of deception behaviors from online communication by building upon natural language processing and network analysis techniques. Some anticipated advances include: (1) an extension of deception theory by investigating deception behavior in online attacks through a new lens of behavior control, (2) guidelines on how to improve the resilience of online attack detection methods by identifying deception behaviors that are likely to escape the attackers' attempts at control, (3) a predictive approach to attack detection in online communication by exploring the temporal relationships among deception behaviors, and (4) techniques for extracting deception behaviors from online discourse and structure. This project can lead to integrative and effective methods for online attack detection.