Phishing is a dangerous and popular cyber attack that imposes high costs on Internet users and corporations and that has strong implications for national security. Most anti-phishing solutions have focused on automatic detection via a combination of vetting against known malicious websites (blocklists) and machine learning to filter phishing. Although successful in practice, these approaches cannot prevent new phishing strategies from reaching users because determining malicious intent in text remains an unsolved problem. Messages and websites used in attacks constantly change, rendering blocklists and learning models quickly outdated. This project is developing a warning tool for web mail that exposes to users a key invariant of phishing attacks: the application of persuasive influence in the message text, framing the message as either potentially causing a gain or a loss, and creating emotional salience of its content (positive or negative). This project is performed in collaboration with the Google Security and Anti-Abuse Team. It has large potential for technology transfer and organic collaboration between industry and university. The project also has an educational component through a workshop on phishing awareness for a K-12 public school in Gainesville, Florida.

The tool to be created and tested relies on a novel machine learning framework that exposes different types of influence cues in text via a combination of topic modeling, sentiment analysis, and standard machine learning algorithms. Warnings are generated according to an estimated user susceptibility score for the email, which is computed via susceptibility datasets in collaboration with Google. Tool evaluation is based on a behavior-based user study that investigates whether or not the tool reduces real-life susceptibility to email phishing. The overall goals are to improve human-based detection and users' decision-making processes, and to reduce users' likelihood of falling for phishing.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 2028734
Program Officer: Sara Kiesler
Project Start:
Project End:
Budget Start: 2020-10-01
Budget End: 2023-09-30
Support Year:
Fiscal Year: 2020
Total Cost: $500,000
Indirect Cost:

Name: University of Florida
Department:
Type:
DUNS #:
City: Gainesville
State: FL
Country: United States
Zip Code: 32611