Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., issued a broad agency announcement (HR001117S0050) Friday for the Active Social Engineering Defense (ASED) project.
ASED seeks to device automated defenses against social engineering attacks -- or those that seek to manipulate users into performing desired actions or divulging sensitive information.
The project seeks to elicit information automatically from a malicious adversary to identify, disrupt, and investigate social engineering attacks by using software bots. These bots would mediate communications between users and potential attackers, detect attacks, and coordinate investigations to discover the identity of the attacker.
Over the past 40 years our world has become increasingly connected over computer networks, email, social media, and other media. Although These connections have enabled major advances in national security, this connectivity also poses the threat of cyber attacks on military systems and critical infrastructure, DARPA researchers say.
Unlike conventional cyber and malware attacks on computer networks, however, more than 80 percent of cyber attacks come by exploiting humans rather than computer or network security flaws.
The most general social engineering attacks simply attempt to get unsuspecting internet users to click on malicious links. More focused attacks attempt to steal sensitive information like passwords or private information, or steal things of value from people by earning unwarranted trust.
These attacks need trust from the victim. Depending on the level of sophistication, these attacks go after individuals, organizations, or wide swathes of the population. Social engineering attacks work because it is difficult for users to verify every communication they receive.
Moreover, that verification requires a level of technical expertise that most users lack. to compound the problem, the number of users that have access to privileged information often is large.
The DARPA ASED project has three technical areas: automated detection of social engineering attacks; automated investigation of social engineers; and scalable evaluation team.
Automated detection of social engineering attacks will develop technology to detect social engineering attacks automatically with ways to observe the signatures of social engineering attacks and validate the identities of communicants.
This will require the ability to examine attack mechanisms; force attackers to leave a detectable trace; and validate the attacker's trust mechanism. This part of the program will develop communications bots to mediate and observe communications between attackers and potential victims.
Automated investigation of social engineers will use automated, virtual, alter-ego bots to help uncover the attacker’s identity. Each bot will manage resources that it can trade to gain information about the attacker.
Scalable evaluation team, meanwhile, will evaluate the performance of automated detection of social engineering attacks and automated investigation of social engineers and measure their progress via social engineering attacks.
The program will construct a test range using the email and phone systems of a real organization to create realistic environments for technology evaluation. This range will host realistic attacks.
DARPA officials say they expect to award several contracts for this program. Funding has not yet been determined.
Learn more: search the Aerospace & Defense Buyer's Guide for companies, new products, press releases, and videos