Cybersecurity Lecture Series - Sept. 2
Meet academic and industry leaders for intimate discussions about new cyber threats, trends and technologies.
The weekly Cybersecurity Lecture Series is a free, open-to-the-public lecture from a thought leader who is advancing the field of information security and privacy. Invited speakers include executives and researchers from private companies, government agencies, start-up incubators as well as Georgia Tech faculty and students presenting their research.
Held weekly each Friday at Noon through Dec. 2, lectures are open to all -- students, faculty, industry, government, or simply the curious. Students may register for credit under seminar course CS-8001-INF.
Complimentary lunch provided for registered guests. Please bring your own beverage.
Featuring Terry Nelms on Sept. 2
"Towards Measuring and Mitigating Social Engineering Software Download Attacks"
Most modern malware infections happen through the browser, typically as the result of a drive-by or social engineering attack. While there have been numerous studies on measuring and defending against drive-by downloads, little attention has been dedicated to studying social engineering attacks. In this talk, we present the first systematic study of web-based social engineering (SE) attacks that successfully lured users into downloading malicious and unwanted software. To conduct this study, we collected and reconstructed more than 2,000 examples of in-the- wild SE download attacks from live network traffic. Via a detailed analysis of these attacks, we attained the following results: (i) a categorization system to identify and organize the tactics typically employed by attackers to gain the user’s attention and deceive or persuade them into downloading malicious and unwanted applications; (ii) reconstruction of the web path followed by the victims and observation that a large fraction of SE download attacks are delivered via online advertisement, typically served from “low tier” ad networks; (iii) measurement of the characteristics of the network infrastructure used to deliver such attacks and uncover a number of features that can be leveraged to distinguish between SE and benign (or non-SE) software downloads.
Terry Nelms is a Director of Research at Pindrop, where he leads a team of applied researchers solving challenging problems in fraud detection and authentication. Prior joining Pindrop, he spent over a decade inventing, designing and developing protection technologies at ISS, IBM and Damballa. His research has produced new security products, patents and publications in top industry and academic conferences. Nelms holds a B.S. and M.S. in Information Systems and a Ph.D. in Computer Science from the Georgia Institute of Technology.
Tara La Bouff