CS/EE Networking Seminar: Fully Automated Real-time Spear Phishing Detection

Date: 2:00pm, December 8, 2017
Location: EE Conference Room, Mudd 1306
Speaker: Dr. Asaf Cidon, VP Content Security Services, Barracuda Networks

Abstract: In recent years, spear phishing and email-borne social engineering have become one of the most costly security threats, causing over $5 billion in reported losses. Spear phishing emails take several forms: some ask the recipient to wire transfer money to the attacker’s account, others request W-2 forms, and some trick the recipient into following a link, which compromises their credentials or downloads malware to their device. Existing email security solutions are not effective in detecting spear phishing, because these attacks typically do not contain overtly malicious attachments or links, and are highly personalized. Prior research to detect spear phishing requires manual work from security analysts and suffers from a very high false positive rate and low precision.

We present Sentinel, a security system that automatically detects and quarantines spear phishing attacks in real-time in a production environment using supervised learning, without requiring any manual analysis or configuration. The main challenges in designing Sentinel are the need to categorize millions of emails in order to train its classifiers, and the need to properly train the classifiers when the occurrence of spear phishing emails is very rare. We discuss the solutions we designed to address these challenges. Sentinel utilizes the public APIs of cloud-based email systems both to automatically learn the historical communication patterns of each organization, and to quarantine emails in real-time. Sentinel achieves false positive rates of less than one in a million emails, and precision above 95%, significantly outperforming prior art.

Biography: Asaf Cidon is the Vice President, Content Security Services at Barracuda Networks, where he co-leads the development of Barracuda Sentinel. Asaf completed his PhD at Stanford, where his research focused on how to provide reliability and performance guarantees in large-scale cloud environments, and was adopted by several companies, including Facebook, Tibco, and Chartbeat. During his PhD, he founded and served as the CEO of Sookasa, a cloud storage security startup, which was acquired by Barracuda Networks in 2016. He is the recipient of SC Media's 2017 Rising Star Award and the Stanford Graduate Fellowship.

Host: Prof. Gil Zussman

