Draining the Water Hole: Mitigating Social Engineering Attacks with CyberTWEAK


  • Zheyuan Ryan Shi, Carnegie Mellon University
  • Aaron Schlenker, Facebook, Inc.
  • Brian Hay, Security Works
  • Daniel Bittleston, Carnegie Mellon University
  • Siyu Gao, Carnegie Mellon University
  • Emily Peterson, Carnegie Mellon University
  • John Trezza, Carnegie Mellon University
  • Fei Fang, Carnegie Mellon University




Cyber adversaries have increasingly leveraged social engineering attacks to breach large organizations and threaten the well-being of today's online users. One clever technique, the “watering hole” attack, compromises a legitimate website to execute drive-by download attacks by redirecting users to another malicious domain. We introduce a game-theoretic model that captures the salient aspects for an organization protecting itself from a watering hole attack by altering the environment information in web traffic so as to deceive the attackers. Our main contributions are (1) a novel Social Engineering Deception (SED) game model that features a continuous action set for the attacker, (2) an in-depth analysis of the SED model to identify computationally feasible real-world cases, and (3) the CyberTWEAK algorithm which solves for the optimal protection policy. To illustrate the potential use of our framework, we built a browser extension based on our algorithms which is now publicly available online. The CyberTWEAK extension will be vital to the continued development and deployment of countermeasures for social engineering.




How to Cite

Shi, Z. R., Schlenker, A., Hay, B., Bittleston, D., Gao, S., Peterson, E., Trezza, J., & Fang, F. (2020). Draining the Water Hole: Mitigating Social Engineering Attacks with CyberTWEAK. Proceedings of the AAAI Conference on Artificial Intelligence, 34(08), 13363-13368. https://doi.org/10.1609/aaai.v34i08.7050



IAAI Technical Track: Emerging Papers