Asaf Cidon: Fully Automated Real-time Spear Phishing Detection

Date: Monday, October 30, 2017, 11:30am to 1:00pm

Location: Maxwell Dworkin 119

Abstract: In the past few years, spear phishing and email-borne social engineering have become one of the most costly security threats, causing over $5 billion in reported losses. These attacks take several forms: some ask the recipient to wire transfer money to the attacker's account, others ask for W2 forms containing social security numbers, and some trick the recipient into sending their credentials by impersonating a widely used service like Microsoft Outlook. Existing security systems fail to detect spear phishing, because the emails typically do not contain overtly malicious attachments or links, and are personalized to each recipient. Prior research requires manual work from security analysts to inspect emails individually, and suffers from low accuracy and a high false positive rate. We present Sentinel, a security system that automatically detects and quarantines spear phishing attacks in real time using supervised learning, without requiring any manual analysis or configuration. The key insight of Sentinel is to automatically learn the historical communication patterns of each organization, and use these patterns to detect anomalies. Sentinel leverages the APIs of cloud-based email systems (e.g., Office 365 and Gmail), both to automatically learn the historical communication patterns of each organization within hours, and to quarantine emails in real time. Sentinel achieves false positive rates of less than one in a million emails, and accuracy above 95%.

Biography: Asaf Cidon is the Vice President, Content Security Services at Barracuda Networks, where he co-leads the development of Barracuda Sentinel. Asaf completed his PhD at Stanford, where his research focused on how to provide reliability and performance guarantees in large-scale cloud environments, and was adopted by several companies, including Facebook, Tibco, and Chartbeat. During his PhD, he founded and served as the CEO of Sookasa, a cloud storage security startup, which was acquired by Barracuda Networks in 2016. He is the recipient of SC Media's 2017 Rising Star Award and the Stanford Graduate Fellowship.