Stopping election interference attacks using ML

Jeshua Bratman
2 min read · Nov 18, 2020

My favorite part of working at Abnormal Security is seeing the myriad of nefarious attacks we are able to stop. These attacks include everything from attempts to steal millions of dollars, to installing ransomware crippling hospitals, to state actors compromising our power grid. And right at the core of the product sit some tough ML problems. How do we robustly identify behavior anomalies? How do we quickly adapt to an ever-changing attack landscape? How do we catch these really carefully crafted social engineering strategies aimed to trick people?

Just before the election, an attack went out to thousands of voters in Florida trying to intimidate them into voting for Donald Trump. Although our system did not stop these initially, we were able to quickly feed examples into our ML system and get it to catch on, and then subsequently prevent other election-based social engineering attacks. This used a pretty cool system we recently built that:

  1. Rapidly fine-tunes models based on the newest data
  2. Accepts hints in the form of example emails, phrases, etc.
  3. Uses data augmentation to generalize and boost the impact those hints (along with particular false negatives) have on the model parameters

Not only was this able to immediately improve our system to catch the exact attack we saw, but it was also able to generalize from the text content and behavioral patterns to identify other attacks trying to manipulate recipients using election-related strategies.
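
A minimal sketch of the three-step loop listed above, added here as an illustration and not Abnormal Security's code: a toy bag-of-words logistic model is warm-start fine-tuned on analyst hints that are augmented by word dropout and up-weighted, then checked against a held-out rewording and a benign election reminder. The sample messages, the `boost` weight, the dropout rate, and replaying the base set during fine-tuning are all assumptions.

```python
import math
import random
from collections import defaultdict

def score(w, text):
    """P(attack) from a bag-of-words logistic model (no bias term)."""
    z = sum(w[t] for t in set(text.lower().split()))
    return 1.0 / (1.0 + math.exp(-z))

def train(w, data, epochs, lr=0.2):
    """SGD over (text, label, weight); updates w in place, so it warm-starts."""
    for _ in range(epochs):
        for text, label, weight in data:
            g = lr * weight * (label - score(w, text))
            for t in set(text.lower().split()):
                w[t] += g

def augment(text, n, rng, p_drop=0.2):
    """Word-dropout variants, so the model keys on more than one exact phrasing."""
    out = []
    for _ in range(n):
        kept = [x for x in text.split() if rng.random() > p_drop]
        out.append(" ".join(kept) if len(kept) >= 4 else text)
    return out

# Constructed sample data (not real mail): label 1 = attack, 0 = benign.
BASE = [
    ("team meeting moved to friday", 0, 1.0),
    ("urgent wire transfer needed today", 1, 1.0),
    ("please remember to vote on tuesday", 0, 1.0),
    ("verify your password now account suspended", 1, 1.0),
    ("quarterly report attached for review", 0, 1.0),
]
HINTS = [  # constructed analyst hints for the missed campaign
    "vote for our candidate or we will come after you",
    "we will know how you voted so vote as told or else",
]
UNSEEN = "you will vote our way or we will find you"  # held-out rewording
BENIGN = "please remember to vote on tuesday"         # must stay clean

def run(boost=3.0, seed=7):  # -> (before, after, benign score after)
    w, rng = defaultdict(float), random.Random(seed)
    train(w, BASE, epochs=30)                   # model as deployed
    before = score(w, UNSEEN)                   # the false negative
    hinted = [(v, 1, boost) for h in HINTS for v in [h] + augment(h, 4, rng)]
    train(w, BASE + hinted, epochs=20)          # fine-tune; base replay is an assumption
    return before, score(w, UNSEEN), score(w, BENIGN)

if __name__ == "__main__":
    print("before=%.2f after=%.2f benign=%.2f" % run())
```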

Read more about this project here:

And more broadly, if you are interested in our approach to email security, here are two other stories I recently published to our blog:

Jeshua Bratman

Founding engineer and Head of ML at Abnormal Security. I write about AI, ML, Data Science, and Cyber Security mixed with some comedy