This research is aimed at preventing harm from phishing attacks. Phishing attacks have been on the rise in the last few years, with nearly 450,000 attacks and record estimated losses of over USD $5.9 billion in 2013 alone. These attacks attempt to acquire personal information, such as usernames and passwords, through fraudulent emails. Phishing emails are becoming more targeted, using personal information about their intended victims in an attempt to seem authentic and improve the response rate to the attacks. If a large number of participants who receive a phishing email respond to it strategically using fake or deceptive information, the attacker will be overwhelmed and misled by the number of responses, making it more costly to locate the victim. In this way, vulnerable users who tend to fall victim to phishing scams will be hidden among a number of fake responses. The cooperative large-population behavior of the defenders can significantly increase the cost of attack, and hence reduce the economic incentives for the attacker to send phishing emails. This type of defense mechanism is called crowd defense. This project will holistically explore the psychological, economic, behavioral, and technical aspects of crowd defense mechanism design.

Crowd defense is a critical defense mechanism for shifting the asymmetric advantage from the attacker to the defender. The research aims to understand the psychological and economic factors in the behavior of crowd defenders, create essential behavioral game-theoretic design frameworks, and develop a proof-of-concept automated software system that enables users to coordinate and respond automatically to phishing. The analytical and design methodologies developed for anti-phishing crowd defense can be broadly applied to other security problems, such as distributed denial of service attacks (DDoS), advanced persistent threats (APT), and coordinated reconnaissance. The tools created in this project will be released as open source for building a more collaborative and trustworthy cyberspace. The PIs are committed to public education through outreach activities that will further increase the participation of women and minorities as graduate and undergraduate students in the project.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1720230
Program Officer: Sara Kiesler
Project Start:
Project End:
Budget Start: 2017-09-01
Budget End: 2021-08-31
Support Year:
Fiscal Year: 2017
Total Cost: $300,000
Indirect Cost:
Name: New York University
Department:
Type:
DUNS #:
City: New York
State: NY
Country: United States
Zip Code: 10012