Threat Detection for General Social Engineering Attack Using Machine Learning Techniques
This paper explores the threat detection for general social engineering (SE) attack using machine learning (ML) techniques, rather than focusing on or limited to a specific SE attack type, e.g. email phishing. Firstly, this paper processes and obtains more SE threat data from the previous knowledge graph, and then extracts different threat features and generates new datasets corresponding with three different feature combinations. Finally, 9 types of ML models are created and trained using the three datasets, respectively, and their performance are compared and analyzed with 27 threat detectors/classifiers and 270 experiments. The experimental results and analysis show that: 1) the ML techniques is feasible in detecting general SE attack threat and some ML models are quite effective; ML-based SE threat detection is complementary with knowledge graph-based approaches; 2) the generated datasets are usable; the SE domain ontology proposed in previous work can dissect SE attacks and deliver the SE threat features, allowing it to be used as a data model for future research. Besides, many conclusions and analyses about the characteristics of different ML models and the datasets are discussed.