ASEDA 2022: Automated Social Engineering Defense and Attacks (ASEDA 2022) The 12th ACM Conference on Data and Application Security and Privacy (CODASPY) Baltimore, DC, United States, April 26, 2022 |
Conference website | https://sites.google.com/view/aseda2022/ |
Submission link | https://easychair.org/conferences/?conf=aseda2022 |
Submission deadline | January 11, 2022 |
Humans are the most vulnerable point in cyber attacks. Automated security tools and utilities such as antiviruses and security patches can harden the security fortress of systems and infrastructures. However, when human operators are involved in the processes, the attack surfaces are widen massively enabling cyber attackers to launch various forms of attacks where the entry points are the humans in the loop. Creating a solid defense layering system requires understanding attackers’ mental models. In an analogous way, attackers also need to assess the vulnerabilities of human targets in order to launch successful exploitations and attacks. Such comprehension of perception of both attacker and defender’s sides enable us to build automation models to implement deceptive automated agents for the purpose of penetration testing as well as establishing different layers of automated security defense system to interact with attackers.
There are various sources of information in typical social engineering attack incidents that can be utilized for comprehension of features and thus enabling automation of the social engineering attack and defense processes. For instance, spoken, textual and unstructured data are rich in descriptive contents. When extracted effectively, these data form knowledge bases that can be queried and thus provide insights and useful information for security experts and users.
The Automated Social Engineering Defense and Attacks (ASEDA 2021) workshop creates a forum for researchers and IT industry leaders to share their knowledge and experience on developing theoretical foundations and practical social engineering automation platforms. As a multidisciplinary technical and social problem spanning Computer Science, Psychology, Machine Learning, Economics, and Game Theory (to name a few), the automation of social engineering attacks and employing effective defense strategies is a grand challenging problem. While Truth-Default Theory, deception theory and game theory have been the focus of research for experts in psychology and economics, the automation of these techniques in the context of social engineering is still in its infancy stage. As an example, research in social engineering analysis can benefit substantially from natural language processing techniques in automatically capturing features related to deception detection and analysis. The extracted features related to deception detection in various forms (e.g., phishing and vishing) can then contribute to comprehending attackers’ and defenders’ mental models through knowledge graphs. If extracted properly, these textual data can enable building knowledge graphs that can be queried to build knowledge bases for cybersecurity comprehension. The problems related to automation of social engineering attacks and defense demands developing novel applied and theoretical multidisciplinary research in human factors, economics, and machine/deep learning techniques. The workshop encourages submissions of new ideas, frameworks, experimental results, evaluation of social engineering attacks and defense strategies, and exploring emerging problems and techniques.
Submission Guidelines
We invite the submission of long (8 pages) and short (4 - 6 pages) papers to this workshop. At least one author of each accepted paper must register for the workshop and present the paper at the workshop. Papers should be submitted as a PDF file of a maximum of 8 pages (2 columns), excluding well-marked references and appendices limited to 3 pages. Submissions must be generated using the 2-column ACM acmart template available at https://www.acm.org/publications/proceedings-template , using the [sigconf, anonymous] options. All submissions must be anonymous (i.e., papers should not contain author names or affiliations, or obvious citations).
List of Topics
- Characterizing social engineering attacks and defenses
- Knowledge extraction and analysis of social engineering attacks and interactions
- Analysis of social engineering attacks using NLP
- NLP for cyber risk detection and management, and mitigation
- Understanding mental models of attacker/defender and their interactions
- Counter social engineering
- Cognitive security
Committees
Program Committee
- Person 1 (TBA)
- Person 2 (TBA)
- Person 3 (TBA)
Organizing committee
- Akbar Namin, The Department of Computer Science, Texas Tech University
- Keith S. Jones, The Department of Psychology, Texas Tech University
Publication
ASEDA 2021 proceedings will be published in ACM Digital Library.
Venue
The conference will be held virtually.
Contact
All questions about submissions should be emailed to: Akbar Namin (akbar.namin@ttu.edu) and/or Keith S. Jones (keith.s.jones@ttu.edu)