Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the security that needs to be built into these technologies to protect them against adversaries intent on abusing the same technologies for nefarious purposes.

At Microsoft, we are committed to harnessing the immense potential of AI to help solve many of our technology concerns today. We believe that working on the “bleeding edge” offers one of the best ways to serve our customers and the broader ecosystem, and AI is key to advancing our understanding and technical capabilities in many complex areas of cybersecurity.

We also value working with the community of experts, researchers, and data scientists in solving diverse technology and security challenges and building robust defenses against current and future security threat scenarios. We have always championed and supported new research on using technology in the most secure way possible, and we’ve had great success in collaborating with universities and sponsoring academic research.

In April 2021, with the goal of supporting the academic exploration of new knowledge and capabilities to benefit the broader community, we called for proposals for academic AI research on the threat of phishing and approaches for defending against it. The scope of this request for proposals (RFP) included expanding existing understanding of the communication graph, email and web content, the economics of phishing, and generating innovation for protecting organizations in the face of increasingly sophisticated attacks while providing fairness and privacy guarantees.

Today, it’s with great pleasure that we announce the winners of the Microsoft Security AI RFP:

Amin Kharraz

Florida International University

Title: WEBHASH: A Spatio-Temporal Deep Learning Approach for Detecting Social Engineering Attacks

Abstract: Social engineering attacks continue to remain a top security threat. The impact of these attacks is often deep and consequential. Modern social engineering attacks have evolved to deliver different classes of malicious code while collecting extensive financial and personal information. Unfortunately, current mechanisms are woefully inadequate to identify and reason about such adversarial operations, leaving organizations and end-users open to a variety of consequential attacks. The goal of this project is to design principles that will guide the development of an unsupervised approach to automatically identify temporal drifts and detect emerging trends in the social engineering attack landscape. The core insight of our research is that most social engineering campaigns rarely change the underlying software development techniques to build their attack pages and tend to reuse specific web development patterns to generate a diverse set of attack pages. In this proposal, we develop a novel similarity hashing mechanism, called WEBHASH, which takes into account the spatio-temporal characteristics of a target website and converts them into a vector that facilitates low-overhead attribution and similarity testing at scale. We will take advantage of advances in machine learning and incorporate Siamese Neural Networks (SNNs) to conduct unsupervised similarity testing across the vectorized data. We posit that a number of useful activities can be performed with WEBHASH. By developing low latency detection and mitigation platforms for social engineering attacks, we can better protect organizations and institutions from data breaches and reduce users’ exposure to modern social engineering attacks. WEBHASH also allows approximating the prevalence of an emerging social engineering threat or the adoption of new attack techniques across different campaigns with minimal human intervention.

Zhou Li and Yanning Shen

University of California, Irvine

Title: Scalable Graph Learning for Automatic Detection of Spearphishing

Abstract: In this project, we will tackle the problem of automated spearphishing detection. Spearphishing has become a primary attack vector to perpetuate entities in public and private sectors, causing billions of dollars lost annually. Due to the advanced social-engineering tricks performed by the attackers, spearphishing emails are often evasive, difficult to capture by the existing approaches based on malware detection, sender/domain blacklisting, and more. To address this urgent threat, we will explore how to adapt state-of-the-art graph learning algorithms. In particular, we will first investigate how to model the email data as a graph, such that the spearphishing impersonators can be distinguished. Then, we will build a detection system with multi-kernel learning to capture the complex relationship between email users and their sending behaviors. For timely detection, we will examine how the trained classifier can be updated online with Random Feature based function estimation. Finally, we will derive the relation between different function estimators and the privacy levels. We expect this project to have a profound impact on email security and research in graph learning.

This announcement ushers in new opportunities for collaborative academic research on the complex and dynamic problem space associated with phishing. Follow @MsftSecIntel to track the progress of these research projects.

As part of our commitment to contributing to industry knowledge, all new intellectual property (IP) resulting from this program will be made publicly available for any researcher, developer, or interested party to access.

Congratulations to the winners! We cannot wait to work with you to invent the future of security together.
