A Modular and Adaptive System for Business Email Compromise Detection
- URL: http://arxiv.org/abs/2308.10776v1
- Date: Mon, 21 Aug 2023 15:06:02 GMT
- Title: A Modular and Adaptive System for Business Email Compromise Detection
- Authors: Jan Brabec, Filip \v{S}rajer, Radek Starosta, Tom\'a\v{s} Sixta, Marc
Dupont, Milo\v{s} Lenoch, Ji\v{r}\'i Men\v{s}\'ik, Florian Becker, Jakub
Boros, Tom\'a\v{s} Pop, Pavel Nov\'ak
- Abstract summary: Business Email Compromise (BEC) and spear phishing attacks pose significant challenges to organizations worldwide.
Recent advances in machine learning, particularly in Natural Language Understanding (NLU), offer a promising avenue for combating such attacks.
We present CAPE, a comprehensive and efficient system for BEC detection that has been proven in a production environment for a period of over two years.
- Score: 0.7490096698922335
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The growing sophistication of Business Email Compromise (BEC) and spear
phishing attacks poses significant challenges to organizations worldwide. The
techniques featured in traditional spam and phishing detection are insufficient
due to the tailored nature of modern BEC attacks as they often blend in with
the regular benign traffic. Recent advances in machine learning, particularly
in Natural Language Understanding (NLU), offer a promising avenue for combating
such attacks but in a practical system, due to limitations such as data
availability, operational costs, verdict explainability requirements or a need
to robustly evolve the system, it is essential to combine multiple approaches
together. We present CAPE, a comprehensive and efficient system for BEC
detection that has been proven in a production environment for a period of over
two years. Rather than being a single model, CAPE is a system that combines
independent ML models and algorithms detecting BEC-related behaviors across
various email modalities such as text, images, metadata and the email's
communication context. This decomposition makes CAPE's verdicts naturally
explainable. In the paper, we describe the design principles and constraints
behind its architecture, as well as the challenges of model design, evaluation
and adapting the system continuously through a Bayesian approach that combines
limited data with domain knowledge. Furthermore, we elaborate on several
specific behavioral detectors, such as those based on Transformer neural
architectures.
Related papers
- INTELLECT: Adapting Cyber Threat Detection to Heterogeneous Computing Environments [0.055923945039144884]
This paper introduces INTELLECT, a novel solution that integrates feature selection, model pruning, and fine-tuning techniques into a cohesive pipeline for the dynamic adaptation of pre-trained ML models and configurations for IDSs.
We demonstrate the advantages of incorporating knowledge distillation techniques while fine-tuning, enabling the ML model to consistently adapt to local network patterns while preserving historical knowledge.
arXiv Detail & Related papers (2024-07-17T22:34:29Z) - A Novel Generative AI-Based Framework for Anomaly Detection in Multicast Messages in Smart Grid Communications [0.0]
Cybersecurity breaches in digital substations pose significant challenges to the stability and reliability of power system operations.
This paper proposes a task-oriented dialogue system for anomaly detection (AD) in datasets of multicast messages.
It has a lower potential error and better scalability and adaptability than a process that considers the cybersecurity guidelines recommended by humans.
arXiv Detail & Related papers (2024-06-08T13:28:50Z) - Building Hybrid B-Spline And Neural Network Operators [0.0]
Control systems are indispensable for ensuring the safety of cyber-physical systems (CPS)
We propose a novel strategy that combines the inductive bias of B-splines with data-driven neural networks to facilitate real-time predictions of CPS behavior.
arXiv Detail & Related papers (2024-06-06T21:54:59Z) - Large AI Model-Based Semantic Communications [58.394527592974576]
We propose a large AI model-based SC framework (LAM-SC) specifically designed for image data.
We first design the segment anything model (SAM)-based KB (SKB) that can split the original image into different semantic segments by universal semantic knowledge.
We then present an attention-based semantic integration (ASI) to weigh the semantic segments generated by SKB without human participation and integrate them as the semantic-aware image.
arXiv Detail & Related papers (2023-07-07T10:01:08Z) - Causal Semantic Communication for Digital Twins: A Generalizable
Imitation Learning Approach [74.25870052841226]
A digital twin (DT) leverages a virtual representation of the physical world, along with communication (e.g., 6G), computing, and artificial intelligence (AI) technologies to enable many connected intelligence services.
Wireless systems can exploit the paradigm of semantic communication (SC) for facilitating informed decision-making under strict communication constraints.
A novel framework called causal semantic communication (CSC) is proposed for DT-based wireless systems.
arXiv Detail & Related papers (2023-04-25T00:15:00Z) - Interactive System-wise Anomaly Detection [66.3766756452743]
Anomaly detection plays a fundamental role in various applications.
It is challenging for existing methods to handle the scenarios where the instances are systems whose characteristics are not readily observed as data.
We develop an end-to-end approach which includes an encoder-decoder module that learns system embeddings.
arXiv Detail & Related papers (2023-04-21T02:20:24Z) - Enhancing Multiple Reliability Measures via Nuisance-extended
Information Bottleneck [77.37409441129995]
In practical scenarios where training data is limited, many predictive signals in the data can be rather from some biases in data acquisition.
We consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training.
We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training.
arXiv Detail & Related papers (2023-03-24T16:03:21Z) - Deep Learning based Covert Attack Identification for Industrial Control
Systems [5.299113288020827]
We develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on smart grids.
The framework has a hybrid design that combines an autoencoder, a recurrent neural network (RNN) with a Long-Short-Term-Memory layer, and a Deep Neural Network (DNN)
arXiv Detail & Related papers (2020-09-25T17:48:43Z) - Deep Multi-Task Learning for Cooperative NOMA: System Design and
Principles [52.79089414630366]
We develop a novel deep cooperative NOMA scheme, drawing upon the recent advances in deep learning (DL)
We develop a novel hybrid-cascaded deep neural network (DNN) architecture such that the entire system can be optimized in a holistic manner.
arXiv Detail & Related papers (2020-07-27T12:38:37Z) - Towards an Interface Description Template for AI-enabled Systems [77.34726150561087]
Reuse is a common system architecture approach that seeks to instantiate a system architecture with existing components.
There is currently no framework that guides the selection of necessary information to assess their portability to operate in a system different than the one for which the component was originally purposed.
We present ongoing work on establishing an interface description template that captures the main information of an AI-enabled component.
arXiv Detail & Related papers (2020-07-13T20:30:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.