Glynn Rogers,Malcolm Crompton,Gaurav Sapre,Jonathan Chan

DOI: https://doi.org/10.48550/arXiv.2302.13532

2023-02-27

Cryptography and Security

Abstract:Social Engineering has emerged as a significant threat in cyber security. In a dialog based attack, by having enough of a potential victim's personal data to be convincing, a social engineer impersonates the victim in order to manipulate the attack's target into revealing sufficient information for accessing the victim's accounts etc. We utilise the developing understanding of human information processing in the Information Sciences to characterise the vulnerability of the target to manipulation and to propose a form of countermeasure. Our focus is on the possibility of the social engineer being able to build the victim's profile by, in part, inferring personal attribute values from statistical information available either informally, from general knowledge, or, more formally, from some public database. We use an orthogonalised log linear analysis of data in the form of a contingence table to develop a measure of how susceptible particular subtables are to probabilistic inference as the basis for our proposed countermeasure. This is based on the observation that inference relies on a high degree of non-uniformity and exploits the orthogonality of the analysis to define the measure in terms of subspace projections.

ZHANGXue-qin,ZHANGLi,GUChun-hua

DOI: https://doi.org/10.3785/j.issn.1008-973X.2019.05.003

2019-01-01

Abstract:An assessment method for social engineering threat based on attribute attack graph and Bayesian network was proposed, aiming at the problem that social engineering threats in social networks were difficult to evaluate quantitatively. The semantics of vulnerability and attack node in social engineering were defined, and the corresponding method for calculating available probability of vulnerability was proposed, according to the process of social engineering attack in social network. Phishing attacks and cross-station identity cloning attacks were simulated by analyzing the attack patterns of social engineering in social network. Social engineering attack maps were constructed based on the attribute attack graph generation algorithm. Bayesian network model was applied to assess quantitatively the social engineering threats caused by each attack path, and the privacy threat risk value of personal account in social network was obtained. Experiments on the Facebook dataset verified the effectiveness of the proposed method.

nitin v kanaskar,jiang bian,remzi seker,mais nijim,nuri yilmazer

DOI: https://doi.org/10.1109/SYSCON.2011.5929116

2011-01-01

Abstract:Insider attacks have the potential to inflict severe damage to an organizations reputation, intellectual property and financial assets. The primary difference between the external intrusions and the insider intrusions is that an insider wields power of knowledge about the information system resources, their environment, policies. We present an approach to detecting abnormal behavior of an insider by applying Dynamical System Theory to the insiders computer usage pattern. This is because abnormal system usage pattern is one of the necessary precursors to actual execution of an attack. A base profile of system usage pattern for an insider is created via applying dynamical system theory measures. A continuous monitoring of the insiders system usage and its comparison with this base profile is performed to identify considerable deviations. A sample system usage in terms of application system calls is collected, analyzed, and graphical results of the analysis are presented. Our results indicate that dynamical system theory has the potential of detecting suspicious insider behavior occurring prior to the actual attack execution.

Soumajyoti Sarkar,Mohammad Almukaynizi,Jana Shakarian,Paulo Shakarian

DOI: https://doi.org/10.1007/s13278-019-0603-9

2019-09-30

Social Network Analysis and Mining

Abstract:With the rise in security breaches over the past few years, there has been an increasing need to mine insights from social media platforms to raise alerts of possible attacks in an attempt to defend conflict during competition. In this study, we attempt to build a framework that utilizes unconventional signals from the darkweb forums by leveraging the reply network structure of user interactions with the goal of predicting enterprise-related external cyber attacks. We use both unsupervised and supervised learning models that address the challenges that come with the lack of enterprise attack metadata for ground-truth validation as well as insufficient data for training the models. We validate our models on a binary classification problem that attempts to predict cyber attacks on a daily basis for an organization. Using several controlled studies on features leveraging the network structure, we measure the extent to which the indicators from the darkweb forums can be successfully used to predict attacks. We use information from 53 forums in the darkweb over a span of 17 months for the task. Our framework to predict real-world organization cyber attacks of three different security events suggests that focusing on the reply path structure between groups of users based on random walk transitions and community structures has an advantage in terms of better performance solely relying on forum or user posting statistics prior to attacks.

Soumajyoti Sarkar,Mohammad Almukaynizi,Jana Shakarian,Paulo Shakarian

DOI: https://doi.org/10.48550/arXiv.1811.06537

2018-11-16

Abstract:With rise in security breaches over the past few years, there has been an increasing need to mine insights from social media platforms to raise alerts of possible attacks in an attempt to defend conflict during competition. We use information from the darkweb forums by leveraging the reply network structure of user interactions with the goal of predicting enterprise cyber attacks. We use a suite of social network features on top of supervised learning models and validate them on a binary classification problem that attempts to predict whether there would be an attack on any given day for an organization. We conclude from our experiments using information from 53 forums in the darkweb over a span of 12 months to predict real world organization cyber attacks of 2 different security events that analyzing the path structure between groups of users is better than just studying network centralities like Pagerank or relying on the user posting statistics in the forums.

Social and Information Networks

Tolga Mataracioglu,Sevgi Ozkan,Ray Hackney

DOI: https://doi.org/10.48550/arXiv.1507.02458

2015-07-09

Abstract:This research considers the impact of social engineering security attacks which are noted as taking opportunities for critically exploiting user awareness and behavior. The research proposes in this respect a managerial method in an attempt to enhance or even ensure protection. The aim of this study is to construct a security lifecycle model against these eventualities and to analyze the test results that have been carried out within the context of the Turkish public sector. The main objective of the study is to determine why employees shared sensitive information by stating fallacies and related amendments through interviews and thus to understand user actions when they are face to face with a real social engineering attack. The research findings demonstrate that employees in Turkish public organizations are not sufficiently aware of information security and they generally ignore critically important security procedures. This represents an important illustration of the increasing need for further generalized user awareness and responsibilities where individuals and not simply software form a critical element of the security protection portfolio.

Cryptography and Security,Computers and Society

Xueyuan Wen,Kaiyan Dai,Qi Xiong,Lili Chen,Jian Zhang,Zhen Wang

DOI: https://doi.org/10.1016/j.jisa.2023.103557

IF: 4.96

2023-08-19

Journal of Information Security and Applications

Abstract:Years into the insider threat, it remains an universal challenge to predict and defend. Concerning this problem, there has been a multitude of solutions, including the detection of sentiment fluctuations of an entity to predict its abnormality degree. Previous research solely focus on the analysis of individual anomalies, but ignore the sociality of individual sentiments. Therefore, in this paper, we propose an approach to internal threats detection based on sentiment and network analysis. Above all, we use Natural Language ToolKit (NLTK) to analyze the sentiment of each preprocessed email, and thus we establish sentiment communication network. The graphs are reconstructed into series and reshaped as matrices. By the singular value decomposition (SVD), the matrix is decomposed into base networks, and we analyze the change in importance of important base networks over time to detect the company's internal conditions. When anomalies occur, we establish combination networks which consist of base networks and can represent the abnormal character patterns of this time. Then compare the eigenvector centrality of both combination networks and total network to identify the employees related to this anomaly. The experiment shows that it can locate the anomaly-related employees accurately, and according to the network graph, the top few of anomaly-related employees are associated in group internal threats. Our approach provides the anomaly-related rank of employees and the abnormal character pattern of the sentiment communication network at the moment of anomaly.

computer science, information systems

Lyudmyla Kirichenko,Tamara Radivilova,Anders Carlsson

DOI: https://doi.org/10.48550/arXiv.1805.06680

2018-05-17

Abstract:This article considers a short survey of basic methods of social networks analysis, which are used for detecting cyber threats. The main types of social network threats are presented. Basic methods of graph theory and data mining, that deals with social networks analysis are described. Typical security tasks of social network analysis, such as community detection in network, detection of leaders in communities, detection experts in networks, clustering text information and others are considered.

Social and Information Networks,Cryptography and Security,Computers and Society

Chun-Ming Lai,Xiaoyun Wang,Yunfeng Hong,Yu-Cheng Lin,S. Felix Wu,Patrick McDaniel,Hasan Cam

DOI: https://doi.org/10.23919/CNSM.2017.8256040

2018-02-13

Abstract:Online social network (OSN) discussion groups are exerting significant effects on political dialogue. In the absence of access control mechanisms, any user can contribute to any OSN thread. Individuals can exploit this characteristic to execute targeted attacks, which increases the potential for subsequent malicious behaviors such as phishing and malware distribution. These kinds of actions will also disrupt bridges among the media, politicians, and their constituencies. For the concern of Security Management, blending malicious cyberattacks with online social interactions has introduced a brand new challenge. In this paper we describe our proposal for a novel approach to studying and understanding the strategies that attackers use to spread malicious URLs across Facebook discussion groups. We define and analyze problems tied to predicting the potential for attacks focused on threads created by news media organizations. We use a mix of macro static features and the micro dynamic evolution of posts and threads to identify likely targets with greater than 90% accuracy. One of our secondary goals is to make such predictions within a short (10 minute) time frame. It is our hope that the data and analyses presented in this paper will support a better understanding of attacker strategies and footprints, thereby developing new system management methodologies in handing cyber attacks on social networks.

Social and Information Networks

Serhii Yevseiev,Oleksandr Laptiev,Sergii Lazarenko,Anna Korchenko,Iryna Manzhul

DOI: https://doi.org/10.21303/2461-4262.2021.001615

2021-01-29

Abstract:The article analyzes the parameters of social networks. The analysis is performed to identify critical threats. Threats may lead to leakage or damage to personal data. The complexity of this issue lies in the ever-increasing volume of data. Analysts note that the main causes of incidents in Internet resources are related to the action of the human factor, the mass hacking of IoT devices and cloud services. This problem is especially exacerbated by the strengthening of the digital humanistic nature of education, the growing role of social networks in human life in general. Therefore, the issue of personal information protection is constantly growing. To address this issue, let’s propose a method of assessing the dependence of personal data protection on the amount of information in the system and trust in social networks. The method is based on a mathematical model to determine the protection of personal data from trust in social networks. Based on the results of the proposed model, modeling was performed for different types of changes in confidence parameters and the amount of information in the system. As a result of mathematical modeling in the MatLab environment, graphical materials were obtained, which showed that the protection of personal data increases with increasing factors of trust in information. The dependence of personal data protection on trust is proportional to other data protection parameters. The protection of personal data is growing from growing factors of trust in information. Mathematical modeling of the proposed models of dependence of personal data protection on trust confirmed the reliability of the developed model and proved that the protection of personal data is proportional to reliability and trust

English Else

Zhengbing Hu,Roman Odarchenko,Sergiy Gnatyuk,Maksym Zaliskyi,Anastasia Chaplits,Sergiy Bondar,Vadim Borovik,

DOI: https://doi.org/10.5815/ijcnis.2020.06.01

2021-12-08

International Journal of Computer Network and Information Security

Abstract:Represented paper is currently topical, because of year on year increasing quantity and diversity of attacks on computer networks that causes significant losses for companies. This work provides abilities of such problems solving as: existing methods of location of anomalies and current hazards at networks, statistical methods consideration, as effective methods of anomaly detection and experimental discovery of choosed method effectiveness. The method of network traffic capture and analysis during the network segment passive monitoring is considered in this work. Also, the processing way of numerous network traffic indexes for further network information safety level evaluation is proposed. Represented methods and concepts usage allows increasing of network segment reliability at the expense of operative network anomalies capturing, that could testify about possible hazards and such information is very useful for the network administrator. To get a proof of the method effectiveness, several network attacks, whose data is storing in specialised DARPA dataset, were chosen. Relevant parameters for every attack type were calculated. In such a way, start and termination time of the attack could be obtained by this method with insignificant error for some methods.

Alfan Presekal,Alexandru Stefanov,Vetrivel S. Rajkumar,Peter Palensky

DOI: https://doi.org/10.1109/tsg.2023.3237011

IF: 10.275

2023-09-01

IEEE Transactions on Smart Grid

Abstract:Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.

engineering, electrical & electronic

Zuoguang Wang,Hongsong Zhu,Peipei Liu,Limin Sun

DOI: https://doi.org/10.1186/s42400-021-00094-6

2021-08-02

Abstract:Abstract Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks.

computer science, information systems, interdisciplinary applications, software engineering

Yunpeng Li,Xi Li

DOI: https://doi.org/10.1155/2021/9921731

2021-05-07

Scientific Programming

Abstract:With the rapid development of the Internet, network attacks often occur, and network security is widely concerned. Searching for practical security risk assessment methods is a research hotspot in the field of network security. Network attack graph model is an active detection technology for the attack path. From the perspective of the attacker, it simulated the whole network attack scenario and then presented the dependency among the vulnerabilities in the target network in the way of directed graph. It is an effective tool for analyzing network vulnerability. This paper describes in detail the common methods and tools of network security assessment and analyzes the construction of theoretical model of attack graph, the optimization technology of attack graph, and the research status of qualitative and quantitative analysis technology of attack graph in network security assessment. The attack graph generated in the face of large-scale network is too complex to find the key vulnerability nodes accurately and quickly. Optimizing the attack graph and solving the key attack set can help the security manager better understand the security state of the nodes in the network system, so as to strengthen the security defense ability and guarantee the security of the network system. For all kinds of loop phenomena of directed attribute attack graph, the general method of eliminating loop is given to get an acyclic attack graph. On the basis of acyclic attack graph, an optimization algorithm based on path complexity is proposed, which takes atomic attack distance and atomic weight into consideration, and on the basis of simplified attack graph, minimum-cost security reinforcement is carried out for the network environment. Based on the ant colony algorithm, the adaptive updating principle of changing pheromone and the local searching strategy of the adaptive genetic algorithm are proposed to improve the ant colony algorithm. The experimental results show that compared with the ant colony algorithm, the improved ant colony algorithm can speed up the process of solving the optimal solution. When the number of attack paths is large, the advantages of the improved ant colony algorithm in solving accuracy and late search speed are more obvious, and it is more suitable for large-scale networks.

computer science, software engineering

Shuhao Li,Xiaochun Yun,Zhiyu Hao,Yongzheng Zhang,Xiang Cui,Yipeng Wang

DOI: https://doi.org/10.1007/978-3-642-30436-1_22

2012-01-01

Abstract:In recent years, widely spreading botnets in social networks are becoming a major security threat to both social networking services and the privacy of their users. In order to have a better understanding of the dynamics of these botnets, defenders should model the process of their propagation. However, previous studies on botnet propagation model have tended to focus solely on characterizing the vulnerability propagation on one infection domain, and left two key properties (cross-domain mobility and user dynamics) untouched. In this paper, we formalize a new propagation model to reveal the general infection process of social engineering botnets in multiple social networks. This proposed model is based on stochastic process, and investigates two important factors involved in botnet propagation: (i) bot spreading across multiple domains, and (ii) user behaviors in social networks. Furthermore, with statistical data obtained from four real-world social networks, a botnet simulation platform is built based on OMNeT++ to test the validity of our model. The experimental results indicate that our model can accurately predict the infection process of these new advanced botnets with less than 5% deviation.

Xiao Zhang,Yutong Meng

DOI: https://doi.org/10.1038/s41598-024-68315-9

IF: 4.6

2024-08-02

Scientific Reports

Abstract:Internal employees have always been at the core of organizational security management challenges. Once an employee exhibits behaviors that threaten the organization, the resulting damage can be profound. Therefore, analyzing reasonably stored behavioral data can equip managers with effective threat monitoring and warning solutions. Through data-mining, a knowledge graph for internal threat data is deduced, and models for detecting anomalous behaviors and predicting resignations are developed. Initially, data-mining is employed to model the knowledge ontology of internal threats and construct the knowledge graph; subsequently, using the behavioral characteristics, the BP neural network is optimized with the Sparrow Search Algorithm (SSA), establishing a detection model for anomalous behaviors (SBP); additionally, behavioral sequences are processed through data feature vectorization. Utilizing SBP, the LSTM network is further optimized, creating a predictive model for employee behaviors (SLSTM); ultimately, SBP detects anomalous behaviors, while SLSTM predicts resignation intentions, thus enhancing detection strategies for at-risk employees. The integration of these models forms a comprehensive threat detection technology within the organization. The efficacy and practicality of detecting anomalous behaviors and predicting resignations using SBP and SLSTM are demonstrated, comparing them with other algorithms and analyzing potential causes of misjudgment. This work has enhanced the detection efficiency and update speed of abnormal employee behaviors, lowered the misjudgment rate, and significantly mitigated the impact of internal threats on the organization.

multidisciplinary sciences

Zhiming Liu,Sheng Li,Jin He,Di Xie,Zhantao Deng

DOI: https://doi.org/10.1109/imccc.2012.50

2012-01-01

Abstract:Today's computer systems face lots of challenges in the fast rate of emerging security problems. To accurately assess the security of computer network systems, one must understand how vulnerabilities can be combined to stage an attack. Attack graphs are important tools for analyzing security vulnerabilities in enterprise networks. However, the complexity of traditional method for generating attack graphs increases dramatically as the network size grows. To solve this problem, the efficiency of attack graph generation method must be improved. Based on the analysis of generation approaches to attack graphs, an attack graph generation method for complex network is proposed in this paper. In this method, the network framework and key nodes can be analyzed and searched by loopholes scanning firstly. Then, starting from these key nodes, the algorithm which combined greedy policy, forward exploration and backward searching is used to generate the attack graph. Experimental results prove that the model can make a comprehensive analysis on network security and research the estimation of network attack.

Damir Moldabayev,Mikhail Suchkov,Zukhra Abdiakhmetova,Amandyk Kartbayev

DOI: https://doi.org/10.37943/18fonx7380

2024-06-30

Scientific Journal of Astana IT University

Abstract:This paper explores the essential dynamics of social networks, specifically examining the phenomenon of information confrontation among users. The goal of the research is the development of a novel simulation methodology that integrates game-theoretic principles with probabilistic techniques to provide a robust model for these interactions. The theoretical framework of the study is founded on the conceptualization of user conflicts as a strategic game between two players. The primary objective for each player in this game is to exert influence and control over as many nodes within the network as possible. To capture the essence of these strategic interactions, we have introduced an innovative algorithm that facilitates dynamic strategy adaptation. This algorithm is pivotal in allowing players to modify their decision-making processes in real-time, based on the continually changing conditions of the network. For practical implementation and validation of the methodology, we used the Facebook Researcher open dataset, with a particular focus on its Kazakhstani segment. This dataset provides a rich source of empirical data, reflecting diverse user interactions and network configurations, which are essential for testing the model. This approach stands out by offering significant improvements in computational efficiency and resource management. By dynamically tracking and updating the network's status, the proposed method reduces the computational resources required, thereby enhancing the scalability of the simulation. In comparing our methodology with other existing models in the field, it becomes evident that it not only matches but in several respects surpasses these methodologies in terms of flexibility. This study makes substantial contributions to the field of social network analysis by providing a sophisticated tool that can be effectively employed to navigate and analyze the complexities of information confrontation in digital social spaces.

Kamal Raj Sharma,Wei-Yang Chiu,Weizhi Meng

2023-03-23

Abstract:Security associated threats are often increased for online social media during a pandemic, such as COVID-19, along with changes in a work environment. For example, employees in many companies and organizations have started to work from home due to the COVID-19 pandemic. Such working style has increased many remote activities and further relied on email for communication, thus creating an ideal condition for email fraud schemes. Motivated by this observation, the main purpose of this work is to evaluate the privacy policy of online social media and identify potential security associated problems. First, we perform a risk analysis of online social media networks such as Facebook, Twitter and LinkedIn by using the STRIDE model. This aims to find threats and vulnerabilities in the online social media. Then in this analysis, the phishing attack was found to be a main threat in online social media, which is a social engineering attack, where users are convinced through some fake messages or emails to extract their personal credentials.

Cryptography and Security

Affan Yasin,Rubia Fatima,Lin Liu,Jianmin Wang,Raian Ali,Ziqi Wei

DOI: https://doi.org/10.1002/spy2.161

2021-01-01

Security and Privacy

Abstract:Malicious scammers and social engineers are causing great harms to modern society, as they have led to the loss of data, information, money, and many more for individuals and companies. Knowledge about social engineering (SE) is wide‐spread and it exits in non‐academic papers and communication channels. Knowledge is mostly based on expert opinion and experience reports. Such knowledge, if articulated, can provide a valid source of knowledge and information. We performed the analysis of such sources, guided by academic principles around SE, and solicit existing SE scenarios from public awareness education materials, news stories, research literature, official advisories to public departments. We adopted grounded theory to extract the general knowledge behind SE, such as, attacking cycles, information gathering strategies, psychological principles, attack vectors, and so on. In this article, we aim to review and synthesize a body of knowledge (rationale and motivation of social engineers). The study aims to: (a) understand the rationale of social engineers; (b) capture the knowledge of SE attacks and extract important information from the sources; (c) propose an activity for counteracting SE attacks, and how it can be used in security education.