The ask and framing detection module is one of the modules of an operational system called Personalized AutoNomous Agents Countering Social Engineering Attacks, or Panacea, a collaborative project with researchers from IHMC, RPI, SUNY Albany, and UNCC.
The module takes an email as input and identifies the ask and framing used by the social engineer as shown below.
On the left side is the actual email that was used by the ask and detection module to produce the output. The email starts by providing an alluring statement at the beginning: “Congratulation, it is a pleasure to inform you that you have won the sum of 1.75 million euro”. This part of the email is what we refer to as the “framing” posted by the social engineer, i.e., the risk or reward (what we call “LOSE” or “GAIN”) implied by the ask. In this case the social engineer claims that there will be a “GAIN” of “1.75M euro”. Thus, the framing structure produced is a GAIN followed by the triggering element “won”, which takes as its an argument “the sum of 1.75M euro”. This argument is identified with the ask category “finance_money”.
The social engineer finishes up by providing wording that contains an ask: “For more inquiries, quickly contact me through this Email address”. The structure produced for the “ask” is a PERFORM followed by the triggering element “contact”, which takes as its argument “me”. This argument is associated with a “link” in the email, identified by the number 0 (in parentheses). This index points to the email address joe.email@mail-link.com. Detecting this part of the ask involves structural knowledge about email—not linguistic knowledge.
After extracting the framing and ask of the social engineer, PANACEA leverages this to produce a response to the social engineer’s ask.
