Threat Detection for General Social Engineering Attack Using Machine Learning Techniques

TL;DR

This study evaluates machine learning techniques for detecting various social engineering attacks, demonstrating their effectiveness and complementarity with knowledge graph approaches through extensive experiments.

Contribution

It introduces new datasets and features derived from knowledge graphs, and compares multiple ML models for general social engineering threat detection.

Findings

ML techniques are effective in detecting general SE attacks

Generated datasets are practical and useful for SE research

Some ML models outperform others in threat detection accuracy

Abstract

This paper explores the threat detection for general Social Engineering (SE) attack using Machine Learning (ML) techniques, rather than focusing on or limited to a specific SE attack type, e.g. email phishing. Firstly, this paper processes and obtains more SE threat data from the previous Knowledge Graph (KG), and then extracts different threat features and generates new datasets corresponding with three different feature combinations. Finally, 9 types of ML models are created and trained using the three datasets, respectively, and their performance are compared and analyzed with 27 threat detectors and 270 times of experiments. The experimental results and analyses show that: 1) the ML techniques are feasible in detecting general SE attacks and some ML models are quite effective; ML-based SE threat detection is complementary with KG-based approaches; 2) the generated datasets are usable and the SE domain ontology proposed in previous work can dissect SE attacks and deliver the SE threat features, allowing it to be used as a data model for future research. Besides, more conclusions and analyses about the characteristics of different ML detectors and the datasets are discussed.