An Automatic Detection Model for Social Engineering Attacks Using Machine Learning Techniques in Saudi Twitter Feed

Abstract

Security issues are one of the most important issues that take the biggest attention of countries’ leaders. Social media especially Twitter is constituting a real threat on the national security as it is being used for publishing the extremist thoughts and terrorism. Despite of the great efforts provided by the government to maintain the national security, protecting people’s mentality from being deceived is a difficult mission to be achieved. In the field of information security, there is a lack of studies that provide an analysis of social engineering attacks in social networking sites especially in Saudi Arabia and the Arabic content. In this study, the researcher provided a taxonomy of social engineering attacks in Saudi Twitter feed (called SEAST) that was done using a data collected from Saudi Twitter. As a result, in Saudi Twitter feed, there are five main entities that can be used to classify a social engineering attack which are: social engineer, victim, goal, attack method, and persuasion factor. In addition, this study proposed a machine learning model for detecting a subset of SE attacks defined in SEAST taxonomy. This study proposed the use of three features sets in the ML model which are: URL-based features, tweet-based features, and account-based features. The proposed ML model showed that Random Forest classifier outperformed other classifiers used in the experiment with an accuracy of 97.88%. Finally, this study proposed a real-time system for detecting and preventing SE attacks in Twitter using Random Forest classifier in Python and it achieved an accuracy of 95.12%.