A Modular and Adaptive System for Business Email Compromise Detection
- URL: http://arxiv.org/abs/2308.10776v1
- Date: Mon, 21 Aug 2023 15:06:02 GMT
- Title: A Modular and Adaptive System for Business Email Compromise Detection
- Authors: Jan Brabec, Filip Šrajer, Radek Starosta, Tomáš Sixta, Marc Dupont, Miloš Lenoch, Jiří Menšík, Florian Becker, Jakub Boros, Tomáš Pop, Pavel Novák
- Abstract summary: Business Email Compromise (BEC) and spear phishing attacks pose significant challenges to organizations worldwide.
Recent advances in machine learning, particularly in Natural Language Understanding (NLU), offer a promising avenue for combating such attacks.
We present CAPE, a comprehensive and efficient system for BEC detection that has been proven in a production environment for a period of over two years.
- Score: 0.7490096698922335
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The growing sophistication of Business Email Compromise (BEC) and spear
phishing attacks poses significant challenges to organizations worldwide. The
techniques featured in traditional spam and phishing detection are insufficient
due to the tailored nature of modern BEC attacks as they often blend in with
the regular benign traffic. Recent advances in machine learning, particularly
in Natural Language Understanding (NLU), offer a promising avenue for combating
such attacks but in a practical system, due to limitations such as data
availability, operational costs, verdict explainability requirements or a need
to robustly evolve the system, it is essential to combine multiple approaches
together. We present CAPE, a comprehensive and efficient system for BEC
detection that has been proven in a production environment for a period of over
two years. Rather than being a single model, CAPE is a system that combines
independent ML models and algorithms detecting BEC-related behaviors across
various email modalities such as text, images, metadata and the email's
communication context. This decomposition makes CAPE's verdicts naturally
explainable. In the paper, we describe the design principles and constraints
behind its architecture, as well as the challenges of model design, evaluation
and adapting the system continuously through a Bayesian approach that combines
limited data with domain knowledge. Furthermore, we elaborate on several
specific behavioral detectors, such as those based on Transformer neural
architectures.
Related papers
- Good Enough to Learn: LLM-based Anomaly Detection in ECU Logs without Reliable Labels [0.0]
Anomaly detection often relies on supervised or clustering approaches, with limited success in specialized domains like automotive communication systems.
We propose a novel decoder-only Large Language Model (LLM) to detect anomalies in Electronic Control Unit (ECU) communication logs.
arXiv Detail & Related papers (2025-07-01T14:56:09Z)
- Quantum Autoencoder for Multivariate Time Series Anomaly Detection [0.0]
Anomaly detection is a critical capability in IT security for recognizing incidents such as system misconfigurations, malware, or cyberattacks.
With the advent of quantum machine learning, many avenues open for dealing with such complex data.
We introduce a novel QAE-based framework designed specifically for time series AD towards enterprise scale.
arXiv Detail & Related papers (2025-04-24T13:40:06Z)
- CTINEXUS: Leveraging Optimized LLM In-Context Learning for Constructing Cybersecurity Knowledge Graphs Under Data Scarcity [49.657358248788945]
Textual descriptions in cyber threat intelligence (CTI) reports are rich sources of knowledge about cyber threats.
Current CTI extraction methods lack flexibility and generalizability, often resulting in inaccurate and incomplete knowledge extraction.
We propose CTINexus, a novel framework leveraging optimized in-context learning (ICL) of large language models.
arXiv Detail & Related papers (2024-10-28T14:18:32Z)
- INTELLECT: Adapting Cyber Threat Detection to Heterogeneous Computing Environments [0.055923945039144884]
This paper introduces INTELLECT, a novel solution that integrates feature selection, model pruning, and fine-tuning techniques into a cohesive pipeline for the dynamic adaptation of pre-trained ML models and configurations for IDSs.
We demonstrate the advantages of incorporating knowledge distillation techniques while fine-tuning, enabling the ML model to consistently adapt to local network patterns while preserving historical knowledge.
arXiv Detail & Related papers (2024-07-17T22:34:29Z)
- A Novel Generative AI-Based Framework for Anomaly Detection in Multicast Messages in Smart Grid Communications [0.0]
Cybersecurity breaches in digital substations pose significant challenges to the stability and reliability of power system operations.
This paper proposes a task-oriented dialogue system for anomaly detection (AD) in datasets of multicast messages.
It has a lower potential error and better scalability and adaptability than a process that considers the cybersecurity guidelines recommended by humans.
arXiv Detail & Related papers (2024-06-08T13:28:50Z)
- Building Hybrid B-Spline And Neural Network Operators [0.0]
Control systems are indispensable for ensuring the safety of cyber-physical systems (CPS).
We propose a novel strategy that combines the inductive bias of B-splines with data-driven neural networks to facilitate real-time predictions of CPS behavior.
arXiv Detail & Related papers (2024-06-06T21:54:59Z)
- LAMBO: Large AI Model Empowered Edge Intelligence [71.56135386994119]
Next-generation edge intelligence is anticipated to benefit various applications via offloading techniques.
Traditional offloading architectures face several issues, including heterogeneous constraints, partial perception, uncertain generalization, and lack of tractability.
We propose a Large AI Model-Based Offloading (LAMBO) framework with over one billion parameters for solving these problems.
arXiv Detail & Related papers (2023-08-29T07:25:42Z)
- Causal Semantic Communication for Digital Twins: A Generalizable Imitation Learning Approach [74.25870052841226]
A digital twin (DT) leverages a virtual representation of the physical world, along with communication (e.g., 6G), computing, and artificial intelligence (AI) technologies to enable many connected intelligence services.
Wireless systems can exploit the paradigm of semantic communication (SC) for facilitating informed decision-making under strict communication constraints.
A novel framework called causal semantic communication (CSC) is proposed for DT-based wireless systems.
arXiv Detail & Related papers (2023-04-25T00:15:00Z)
- Interactive System-wise Anomaly Detection [66.3766756452743]
Anomaly detection plays a fundamental role in various applications.
It is challenging for existing methods to handle the scenarios where the instances are systems whose characteristics are not readily observed as data.
We develop an end-to-end approach which includes an encoder-decoder module that learns system embeddings.
arXiv Detail & Related papers (2023-04-21T02:20:24Z)
- Enhancing Multiple Reliability Measures via Nuisance-extended Information Bottleneck [77.37409441129995]
In practical scenarios where training data is limited, many predictive signals in the data can rather come from some biases in data acquisition.
We consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training.
We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training.
arXiv Detail & Related papers (2023-03-24T16:03:21Z)
- Deep Learning based Covert Attack Identification for Industrial Control Systems [5.299113288020827]
We develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on smart grids.
The framework has a hybrid design that combines an autoencoder, a recurrent neural network (RNN) with a Long-Short-Term-Memory layer, and a Deep Neural Network (DNN).
arXiv Detail & Related papers (2020-09-25T17:48:43Z)
- Deep Multi-Task Learning for Cooperative NOMA: System Design and Principles [52.79089414630366]
We develop a novel deep cooperative NOMA scheme, drawing upon the recent advances in deep learning (DL).
We develop a novel hybrid-cascaded deep neural network (DNN) architecture such that the entire system can be optimized in a holistic manner.
arXiv Detail & Related papers (2020-07-27T12:38:37Z)
This list is automatically generated from the titles and abstracts of the papers in this site.