Facebook has awarded this year's Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks.
The five-man research team has focused on detecting spear-phishing attacks alone, and not spam or other types of email-based threats.
Winning team created DAS
They did this by creating a system — called DAS (Directed Anomaly Scoring) — that detects uncommon patterns in emails communications.
They trained DAS by having it analyze 370 million emails from one single large enterprise with thousands of employees, sent between March 2013 and January 2017.
Researchers configured DAS to use a series of factors for evaluating newly received emails. These included a sender domain reputation score and sender reputation score, but also analyzed SMTP, NIDS, and LDAP logs, looking at logins from new IPs, total logins per employee, inactivity periods, and others.
By looking at this factors, DAS was able to detect spoofed addresses, spoofed sender names, but also lateral attacks from the compromised accounts of fellow co-workers.
