Over the past 40 years, our world has become increasingly connected. These connections have enabled major advances in national security from pervasive real-time intelligence and communications to optimal logistics. With this connectivity has come the threat of cyber attacks on both military systems and critical infrastructure. While we focus the vast majority of our security efforts on protecting computers and networks, more than 80% of cyber attacks and over 70% of those from nation states are initiated by exploiting humans rather than computer or network security flaws. To build secure cyber systems, it is necessary to protect not only the computers and networks that make up these systems but their human users as well.
We call attacks on humans “social engineering” because they manipulate or “engineer” users into performing desired actions or divulging sensitive information. The most general social engineering attacks simply attempt to get unsuspecting internet users to click on malicious links. More focused attacks attempt to elicit sensitive information, such as passwords or private information, from organizations, or to steal things of value from particular individuals by earning unwarranted trust.
These attacks always have an “ask,” a desired behavior that the attacker wants to induce from the victim. To do this, they need trust from the victim, which is typically earned through interaction or co-opted via a spoofed or stolen identity. Depending on the level of sophistication, these attacks will go after individuals, organizations, or wide swathes of the population.
Social engineering attacks work because it is difficult for users to verify each and every communication they receive. Moreover, verification requires a level of technical expertise that most users lack. To compound the problem, the number of users who have access to privileged information is often large, creating a commensurately large attack surface.
The Active Social Engineering Defense (ASED) program aims to develop the core technology needed to automatically elicit information from a malicious adversary in order to identify, disrupt, and investigate social engineering attacks. If successful, the ASED technology will do this by mediating communications between users and potential attackers, actively detecting attacks, and coordinating investigations to discover the identity of the attacker.
Additional information is available in the ASED BAA.