The Slingshot Project: Measuring, analyzing, and defending against targeted attacks

Date: 
Monday, June 9, 2014 - 3:00pm
Location: 
Harold Frank Hall 1132
Speaker: 
Stevens Le Blond, Max Planck Institute for Software Systems
Host: 
Christopher Kruegel

Abstract:

This talk starts with an empirical analysis of targeted attacks, i.e., cyber attacks targeting specific systems and / or individuals. To do so, I will rely on a dataset of over 1,000 malicious emails that have targeted human-rights NGOs as well as a few high-profile targets such as the New York Times and US embassies. All these malicious emails have consistently evaded GMail's defenses over a 4-year period. Among other things, I will show that approximately 75% of these emails impersonated the victims' contacts to lure them into opening malicious attachments.

I will then demonstrate that the filters of popular webmails (i.e., AOL, Hotmail, and Yahoo) and email clients (i.e., Outlook and Thunderbird) can easily be evaded to impersonate their users' contacts. I will propose a novel defense that complements existing filters with writing-style (stylometry) analysis to increase the difficulty of impersonating users' contacts. Using several email datasets, I will confirm that our design detects sender impersonation with very-high accuracy.

Finally, I will close with a few open problems in that research space.

Bio: 

Stevens Le Blond holds a M.Sc. from Vrije Universiteit, Amsterdam and a Ph.D. from INRIA, France. Stevens seeks to tackle high-risk / high-impact research problems in the broad areas of computer systems and networks. After having enjoyed sun bathing in Nice, Stevens is now experiencing actual bathing in Germany where he’s a postdoc in Paul Francis’ group at the Max Planck Institute for Software Systems. Stevens' Ph.D. work has been featured in the New York times, NPR, and the Wall Street Journal. His research has been published in leading conferences such as Usenix Security, SIGCOMM, and IMC.