Personalized AutoNomous Agents Countering Social Engineering Attacks (PANACEA) protects online users against current and future forms of social engineering. PANACEA serves as an intermediary between attackers (human, automated, hybrid, coordinated) and the potential victim(s) they target. Depending upon the nature and source of communication, PANACEA either handles it autonomously, or allows the user to proceed with an exchange while monitoring the conversation and intervening as needed by (1) inserting or modifying users’ messages, (2) instructing the user how best to respond, while at the same time (3) initiating an investigation. When appropriate, PANACEA provides a contextual explanation of the technical details of a message, so that the user can make informed decisions about the identity and authenticity of the sender, or direct PANACEA to investigate further. Throughout all exchanges, PANACEA collects threat intelligence and builds models of adversaries, victims, infrastructure, capabilities, language, and cultural norms, improving attack detection accuracy and mitigation, and enhancing information elicitation for attack attribution.
The PANACEA project is part of the DARPA ASED program, covering the entire spectrum of defense against, and investigation and counteraction of, social-engineering attacks. A key innovation of PANACEA is the treatment of the entire encounter between the attacker and the victim’s defenses as a continuous, coordinated investigative opportunity, even while initial authentication and defensive moves are applied. This design, as contrasted with separate defensive and investigative phases, significantly increases chances of success by taking advantage of the longer interaction opportunity, particularly early in the exchange when attackers’ own vulnerabilities and biases may be easier to exploit.
The centerpiece of PANACEA’s novel and unique approach is socio-behavioral technology that enables recognizing and effectively counteracting social engineering attacks. It is grounded in our team’s prior work on detecting, modeling and manipulating human behavior in online social interactions, and in related social science theories. We construct adaptable, autonomous alter-ego bots, capable of acting on behalf of the users, protecting their interests and resources, while simultaneously performing investigation to identify the attackers and classify their methods. Two major contributions of PANACEA socio-behavioral modeling are that it (1) automates previously manual aspects of threat intelligence, and (2) incorporates critical features in cyber-attack models to infer attackers and their capabilities. PANACEA will optimize the speed, effectiveness, and accuracy of its investigation by implementing coordinated multi-channel adaptive defense and elicitation tactics that maximize the probability of attacker identification in a minimum number of steps. PANACEA bots are unique in that they are not simply reactive, but are imbued with agency to affect the adversary’s cognitive state, distracting and engaging them using active dynamic deceptive techniques.