
EBIDS-SENLP: A system to detect social engineering email using natural language processing.


Abstract

EBIDS-SENLP is an Ontology-Based Intrusion Detection System that uses natural language themes, specifically manipulative themes for the purpose of social engineering (online fraud), to detect such manipulation in email text. The project includes a performance test against two industry standard intrusion detection systems, Snort and SpamAssassin, to see if the new approach is feasible and how it performs initially. The project features a novel algorithmic approach to detection of malicious content by utilizing the natural language processing capabilities of the UMBC ILIT Laboratory's OntoSem project to parse and understand the email text, to ferret out the concepts of manipulation in the emails. This project was shown to present an immediate value to network defense, because, although it was outperformed by SpamAssassin in testing, it still showed an impressive 75% detection rate with only four detection rules in its signature set and a very low 1.9% false-positive rate. The detection rate is low for a production system, but it is a promising start, and the false-positive rate is much lower than anyone involved in the project expected. Thus, if the signature set is updated significantly, this product can approach the performance of SpamAssassin and do so with a much smaller and more easily adaptable signature set (it is based on English language concepts instead of digital signatures).

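Bibliographic record

  • Author

    Stone, Allen Brian

  • Author affiliation

    University of Maryland, Baltimore County. Computer Science.

  • Degree-granting institution: University of Maryland, Baltimore County. Computer Science.
  • Subject: Computer Science
  • Degree: M.S.
  • Year: 2007
  • Pages: 72 p.
  • Total pages: 72
  • Original format: PDF
  • Language of text: eng
  • Chinese Library Classification: Automation technology, computer technology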