We're all seeing the rise of scam attacks. But have you ever wondered how they operate? False positives can cause problems for both technology and attackers. Attackers need to correctly identify targets to be profitable, and the number of targets decreases as the density of victims decreases. In the case of Nigerian scams, the attackers send emails to only the most gullible individuals to increase their chances of success.False positives, or targets that yield nothing, must be balanced against false negatives, or viable targets that go un-attacked.
The trade-off between these two types of errors is common across many fields and the relative costs of false positives and false negatives change depending on the problem specifics.For attackers, this trade-off is particularly important as their success depends on identifying profitable targets. As the density of victims decreases, it becomes more difficult for the attacker to achieve a favorable return on their effort. At very low densities, the attacker faces a Catch-22 scenario where they need accurate distinction to be profitable, but need large numbers of victims to improve their accuracy.
The article suggests that false positives may be used as a means of intentionally reducing attacker economics. By using false positives to weed out non-viable targets, the attacker can ensure that they are focusing their efforts on the most promising targets and improving their chances of success. There are challenges that attackers face when trying to convert malicious software into tangible benefits like money. There is often a friction between the digital and physical world, which makes it difficult to automate the process of turning digital information into physical goods and cash.
As a result, attackers often have to spend effort on each potential target, and the decision to invest that effort is never perfect.Attackers try to find targets to attack in a population of N users, where only M of these users are considered "viable targets." Viable targets are those that will yield a profit of G when attacked. The cost of each attack is C, and if the target is not viable, it will result in a loss of C. The text mentions that some users are more likely to be viable targets, and the attacker has a score (x) for each user that represents the likelihood of the user being a viable target.
The scores are based on observable information such as the user's location, job, and accounts. The viability of a target depends on the specific attack and is not directly observable by the attacker. The text notes that being rich does not necessarily mean being a viable target, as the attacker must be able to successfully extract the targeted resource (such as money).passwords but cannot irreversibly transfer money from the account this counts as a failure not a success. This is a cost to the attacker for no gain.
The attacker's goal is to attack as many viable targets as possible and avoid attacking non-viable targets. The paper assumes that the cost of an attack is not zero and the gain from a successful attack is finite.Now, let's discuss the popular scam that is commonly referred to as the "Nigerian scam." This scam is usually an email campaign that tries to get people to send money. The article mentions that many of these scams mention Nigeria as the source of the funds, but the author questions why the scammers don't claim to be from other countries.
The author also mentions that using Nigeria as the origin of the scam may actually reduce the number of people who respond to the email.The author explains that the goal of the scammer is to attack only the most likely targets, who are the most gullible and have money. The email campaign is the main opportunity for the scammer to separate the viable (likely to send money) from the non-viable targets. The author suggests that if the scammer wants to maximize profit, he should attack only the most likely targets, rather than trying to attack as many people as possible.
The scammers use an initial email to "self-identify" their potential victims, meaning they use the email to determine who might fall for the scam. They do this by making the email so absurd or unbelievable that only the most gullible people will respond to it. The scammers are very careful not to target people who might not fall for the scam because mistakenly targeting someone who won't fall for it will ruin their profit. The scammers are very aware of the fact that only a tiny fraction of the population is vulnerable to the scam, so they are very careful not to waste their time on people who won't be fooled.
In the end, the scammers are very sensitive to false positives, meaning they are careful not to target people who won't actually give them money. This suggests that the scam is a risky financial proposition. False positives can be used as a way to prevent attackers from successfully executing their attack. False positives refer to non-viable targets that appear to be viable to the attacker. The authors explain that if false positives are injected into the system, the density of viable targets (i.
e. the actual targets the attacker wants to attack) will decrease. This, in turn, will reduce the number of victims found by the attacker, and make their attack uneconomic (i.e. not profitable). The authors also point out that this strategy is particularly effective at low densities, as the attacker is more sensitive to false positives in these cases.The analysis reveals that adding false positives can have a significant impact on reducing the number of viable targets and the attacker's prospects.
For example, a 10x reduction in the density of viable targets can result in a 1000x reduction in victims found. This effect becomes more pronounced at low densities, where the attacker is more sensitive to false positives.