Enterprise security is increasingly threatened by social engineering attacks such as phishing, which deceive employees into granting access to enterprise data. To protect both the users themselves and enterprise data, more and more organizations provide cyber security training that seeks to teach employees and customers to identify and report suspicious content. By its very nature, such training focuses on signals that are likely to persist across a wide range of attacks. Further, it expects users to apply what they learned in this training to e-mail messages that were not filtered out by existing automatic enterprise security controls (e.g., spam filters and commercial phishing detection software). However, relying on such training shifts phishing detection from an automatic process to a human-driven one, which is fallible, especially when a user errs due to distraction, forgetfulness, etc. In this work we explore treating this type of detection as a natural language processing task and modifying training pipelines accordingly. We present a dataset with annotated labels, where these labels are derived from the classes of signals that users are typically asked to identify in such training. We also present baseline classifier models trained on these classes of labels. Through a comparative analysis of the performance of human annotators and of the models on these labels, we provide insights that can contribute to improving the respective curricula for both machine and human training.