Zuoguang Wang,Hongsong Zhu,Peipei Liu,Limin Sun

DOI: https://doi.org/10.1186/s42400-021-00094-6

2021-08-02

Abstract:Abstract Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks.

computer science, information systems, interdisciplinary applications, software engineering

Mohamed Zaoui,Belfaik Yousra,Sadqi Yassine,Maleh Yassine,Ouazzane Karim

DOI: https://doi.org/10.1109/access.2024.3403197

IF: 3.9

2024-05-28

IEEE Access

Abstract:Social engineering (SE) attacks are a growing concern for organizations that rely on technology to protect sensitive data. Identifying and preventing these attacks can be challenging, as they frequently rely on manipulating human behavior rather than exploiting technical vulnerabilities. Although various studies have explored SE attacks and their defense mechanisms, there remains a gap in the literature concerning the holistic and layered classification of these threats and countermeasures. To address this, we conducted a comprehensive literature survey to understand existing taxonomies and subsequently identified areas that required a more structured and exhaustive categorization. Based on the survey results, we propose a comprehensive taxonomy of SE attacks, classifying them based on three levels: environment, approaches, and mediums. Additionally, we present a taxonomy of social engineering countermeasures, encompassing both technical and non-technical solutions. The proposed taxonomies serve as a foundation for future research and offer organizations a valuable framework for developing effective strategies to detect, prevent, and respond to social engineering incidents.

computer science, information systems,telecommunications,engineering, electrical & electronic

Theodore Longtchi,Rosana Montañez Rodriguez,Laith Al-Shawaf,Adham Atyabi,Shouhuai Xu

DOI: https://doi.org/10.48550/arXiv.2203.08302

2022-03-15

Cryptography and Security

Abstract:Social engineering attacks are a major cyber threat because they often serve as a first step for an attacker to break into an otherwise well-defended network, steal victims' credentials, and cause financial losses. The problem has received due amount of attention with many publications proposing defenses against them. Despite this, the situation has not improved. In this paper, we aim to understand and explain this phenomenon by looking into the root cause of the problem. To this end, we examine the literature on attacks and defenses through a unique lens we propose -- {\em psychological factors (PFs) and techniques (PTs)}. We find that there is a big discrepancy between attacks and defenses: Attacks have deliberately exploited PFs by leveraging PTs, but defenses rarely take either of these into consideration, preferring technical solutions. This explains why existing defenses have achieved limited success. This prompts us to propose a roadmap for a more systematic approach towards designing effective defenses against social engineering attacks.

Affan Yasin,Rubia Fatima,Lin Liu,Jianmin Wang,Raian Ali,Ziqi Wei

DOI: https://doi.org/10.1002/spy2.161

2021-01-01

Security and Privacy

Abstract:Malicious scammers and social engineers are causing great harms to modern society, as they have led to the loss of data, information, money, and many more for individuals and companies. Knowledge about social engineering (SE) is wide‐spread and it exits in non‐academic papers and communication channels. Knowledge is mostly based on expert opinion and experience reports. Such knowledge, if articulated, can provide a valid source of knowledge and information. We performed the analysis of such sources, guided by academic principles around SE, and solicit existing SE scenarios from public awareness education materials, news stories, research literature, official advisories to public departments. We adopted grounded theory to extract the general knowledge behind SE, such as, attacking cycles, information gathering strategies, psychological principles, attack vectors, and so on. In this article, we aim to review and synthesize a body of knowledge (rationale and motivation of social engineers). The study aims to: (a) understand the rationale of social engineers; (b) capture the knowledge of SE attacks and extract important information from the sources; (c) propose an activity for counteracting SE attacks, and how it can be used in security education.

Affan Yasin,Rubia Fatima,Lin Liu,Awaid Yasin,Jianmin Wang

DOI: https://doi.org/10.1002/spy2.73

2019-01-01

Abstract:The previous year has seen an enormous increase in the studies related to social engineering. This increase is partly due to increasing number of social engineering attacks and partly due to people's inability to identify the attack. Thus, it is of great importance to find solutions which are helpful for human to understand the social engineering attacks and scenarios. To address this, we have performed a literature review of studies (on social engineering) in top-notch journals and conferences. In this paper, we have enlisted the types of attacks, and the persuasion techniques used by social engineers as listed in the literature. We also combined different theories which researchers tried to use to explain various activities of social engineers. Furthermore, we have mentioned that a better understanding of the social engineering attack scenarios can be done using thematic and game-based analysis techniques. Preliminary empirical evaluation of the proposed game based method shows overall neutral results. Future extension and evaluation is needed for the proposed methods.

Florence Sèdes

2024-06-17

Abstract:Major transformations related to information technologies affect InformationSystems (IS) that support the business processes of organizations and their actors. Deployment in a complex environment involving sensitive, massive and heterogeneous data generates risks with legal, social and financial impacts. This context of transition and openness makes the security of these IS central to the concerns of organizations. The digitization of all processes and the opening to IoT devices (Internet of Things) has fostered the emergence of a new formof crime, i.e. cybercrime.This generic term covers a number of malicious acts, the majority of which are now perpetrated using social engineering strategies, a phenomenon enabling a combined exploitation of ``human'' vulnerabilities and digital tools. The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the ``weak link'' of <a class="link-external link-http" href="http://cybersecurity.As" rel="external noopener nofollow">this http URL</a> deployment policies prove insufficient, it is necessary to think about upstream steps: knowing how to anticipate, identifying weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation <a class="link-external link-http" href="http://approach.In" rel="external noopener nofollow">this http URL</a> this overview, we propose a synthesis of literature and professional practices on this subject.

Cryptography and Security,Databases

Weiwu Ren,Liang Hu,Kuo Zhao,Bing Jia

DOI: https://doi.org/10.4028/www.scientific.net/amr.694-697.2466

2013-01-01

Advanced Materials Research

Abstract:Semantic modeling has become indispensable to integrate various specific security issues of Internet of Things. How to describe attack scenarios and how to define an intrusion unambiguously has been an urgent problem. For solving two above problems, a new three-level information security ontology model is proposed, which is an initial attempt to solve security issues by means of ontology technology. Five top classes are proposed in the domain ontology level. Then their subclasses are also proposed on the basis of actual scenarios in the local ontology level. Our intelligent laboratory, as experiment scenarios, is partly instantiated.

Rosana Montanez Rodriguez,Edward Golob,Shouhuai Xu

DOI: https://doi.org/10.48550/arXiv.2007.04932

2020-07-10

Abstract:Social engineering cyberattacks are a major threat because they often prelude sophisticated and devastating cyberattacks. Social engineering cyberattacks are a kind of psychological attack that exploits weaknesses in human cognitive functions. Adequate defense against social engineering cyberattacks requires a deeper understanding of what aspects of human cognition are exploited by these cyberattacks, why humans are susceptible to these cyberattacks, and how we can minimize or at least mitigate their damage. These questions have received some amount of attention but the state-of-the-art understanding is superficial and scattered in the literature. In this paper, we review human cognition through the lens of social engineering cyberattacks. Then, we propose an extended framework of human cognitive functions to accommodate social engineering cyberattacks. We cast existing studies on various aspects of social engineering cyberattacks into the extended framework, while drawing a number of insights that represent the current understanding and shed light on future research directions. The extended framework might inspire future research endeavors towards a new sub-field that can be called Cybersecurity Cognitive Psychology, which tailors or adapts principles of Cognitive Psychology to the cybersecurity domain while embracing new notions and concepts that are unique to the cybersecurity domain.

Cryptography and Security

Affan Yasin,Rubia Fatima,Lin Liu,Jianmin Wang,Raian Ali

DOI: https://doi.org/10.1109/COMPSAC48688.2020.00045

2020-01-01

Abstract:Human remains susceptible to manipulations, and social engineers are expert of these techniques. To better understand the attack and defense strategies of social engineering attack, there is a need to map social engineering strategies with the war strategies. We can find plenty of war strategist and books on war strategies. By mapping the knowledge, we may get unique ways of defense and can further identify social engineering attack patterns. In this study, we have mapped the principles suggested by Sun-Tzu with social engineering attacks and further mentioned the initial results (by showing examples for each case). We aim to extend this work and further verify the effectiveness of this strategy in near future.

Rosana Montañez Rodriguez,Adham Atyabi,Shouhuai

DOI: https://doi.org/10.48550/arXiv.2203.04813

2022-03-09

Cryptography and Security

Abstract:Social engineering attacks are phenomena that are equally applicable to both the physical world and cyberspace. These attacks in the physical world have been studied for a much longer time than their counterpart in cyberspace. This motivates us to investigate how social engineering attacks in the physical world and cyberspace relate to each other, including their common characteristics and unique features. For this purpose, we propose a methodology to unify social engineering attacks and defenses in the physical world and cyberspace into a single framework, including: (i) a systematic model based on psychological principles for describing these attacks; (ii) a systematization of these attacks; and (iii) a systematization of defenses against them. Our study leads to several insights, which shed light on future research directions towards adequately defending against social engineering attacks in cyberspace.

Lin Liu,Eric Yu,John Mylopoulos

DOI: https://doi.org/10.1109/compsac.2006.159

2006-01-01

Abstract:Design for security is extremely complicated due to the unique nature of the issue. It requires a thorough understanding about the social setting of the security system. To obtain such understanding, sensible steps to take include identifying the players involved in the system, recognizing their personal preferences, agenda and power in relation to other players, identifying the assets being protected, the vulnerable points at which the systems may fail when attacked. Equally important is to taking rationale steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest the technologies and resource occupations. Only based on integrated analysis on both sides, rationale, informative and efficient tradeoffs on security can be made. Unfortunately, current system development practices treat design decisions on security in an adhoc way, often as an afterthought. This paper proposes to use social modeling concepts to analyze the business and organizational context of systems with regard to security. The main concepts used are actor, role, agent and goal, task, and resource dependencies between actors. The approach encompasses several analysis steps on the functional and non-functional requirements in relevance to security, thus integrating security into the system design process from the outset.

Glynn Rogers,Malcolm Crompton,Gaurav Sapre,Jonathan Chan

DOI: https://doi.org/10.48550/arXiv.2302.13532

2023-02-27

Cryptography and Security

Abstract:Social Engineering has emerged as a significant threat in cyber security. In a dialog based attack, by having enough of a potential victim's personal data to be convincing, a social engineer impersonates the victim in order to manipulate the attack's target into revealing sufficient information for accessing the victim's accounts etc. We utilise the developing understanding of human information processing in the Information Sciences to characterise the vulnerability of the target to manipulation and to propose a form of countermeasure. Our focus is on the possibility of the social engineer being able to build the victim's profile by, in part, inferring personal attribute values from statistical information available either informally, from general knowledge, or, more formally, from some public database. We use an orthogonalised log linear analysis of data in the form of a contingence table to develop a measure of how susceptible particular subtables are to probabilistic inference as the basis for our proposed countermeasure. This is based on the observation that inference relies on a high degree of non-uniformity and exploits the orthogonality of the analysis to define the measure in terms of subspace projections.

Heidi Wilcox,Maumita Bhattacharya

DOI: https://doi.org/10.48550/arXiv.2005.04049

2020-05-08

Cryptography and Security

Abstract:Social engineering through social media channels targeting organizational employees is emerging as one of the most challenging information security threats. Social engineering defies traditional security efforts due to the method of attack relying on human naivet\'e or error. The vast amount of information now made available to social engineers through online social networks is facilitating methods of attack which rely on some form of human error to enable infiltration into company networks. While, paramount to organisational information security objectives is the introduction of relevant comprehensive policy and guideline, perspectives and practices vary from global region to region. This paper identifies such regional variations and then presents a detailed investigation on information security outlooks and practices, surrounding social media, in Australian organisations (both public and private). Results detected disparate views and practices, suggesting further work is needed to achieve effective protection against security threats arsing due to social media adoption.

Theodore Tangie Longtchi,Rosana Montañez Rodriguez,Laith Al-Shawaf,Adham Atyabi,Shouhuai Xu

DOI: https://doi.org/10.1109/jproc.2024.3379855

IF: 20.6

2024-05-03

Proceedings of the IEEE

Abstract:Internet-based social engineering (SE) attacks are a major cyber threat. These attacks often serve as the first step in a sophisticated sequence of attacks that target, among other things, victims' credentials and can cause financial losses. The problem has received mounting attention in recent years, with many publications proposing defenses against SE attacks. Despite this, the situation has not improved. In this article, we aim to understand and explain this phenomenon by investigating the root cause of the problem. To this end, we examine Internet-based SE attacks and defenses through a unique lens based on psychological factors (PFs) and psychological techniques (PTs). We find that there is a key discrepancy between attacks and defenses: SE attacks have deliberately exploited 46 PFs and 16 PTs in total, but existing defenses have only leveraged 16 PFs and seven PTs in total. This discrepancy may explain why existing defenses have achieved limited success and prompt us to propose a systematic roadmap for future research.

engineering, electrical & electronic

Loredana Mocean,Miranda-Petronella Vlad

DOI: https://doi.org/10.2478/raft-2024-0017

2024-06-01

Land Forces Academy Review

Abstract:Abstract In this paper we propose a cybersecurity ontology model designed for universities, aiming to facilitate the management and protection of sensitive data and information within the context of the growing cybersecurity threats. The proposed ontology includes four distinct hierarchical levels: the basic level, the conceptual level, the instance level and the relationships level. At the basic level, it defines essential terms and principles of cybersecurity, including concepts like vulnerability, threat, cyber-attack, security policies and security rules. At the conceptual level, the ontology categorizes information and cybersecurity systems, embracing domains such as data protection, authentication, authorization, and auditing. At the instance level, the ontology describes specific examples of information and cybersecurity systems used in universities, such as the library management system or the accounting management system. At the relationships level, the ontology establishes links between different categories of information and cybersecurity systems, as well as between these systems and the entities that use them, such as students, professors and administrative staff. By implementing this cybersecurity ontology, universities can improve the management and protection of their sensitive data and information, as well as respond more efficiently to cybersecurity threats.

Oluwasefunmi 'Tale Arogundade,Zhi Jin,Xiaoguang Yang

DOI: https://doi.org/10.1504/ijics.2014.065168

2014-01-01

International Journal of Information and Computer Security

Abstract:Security requirements managers aim at eliciting, reusing and keeping their sets of requirements. They desire well defined, consistent and up to date requirements throughout the system lifecycle. This paper presents security ontology (SO) which can be used as a basis for eliciting risk-based security requirements. The ontology is based on the security relationship model described in the national institute of standards and technology special publication 800-12 but use-misuse case concepts and some extensions were used. We extended use case with some elements (action and object) to facilitate information system (IS) security policy instantiation after the system has been deployed. We incorporated risk and privilege concepts in order to represent risk knowledge in an unambiguous way and to enable ontology control security issues respectively. This ontology enriches the modelling and management of risk-based safeguard requirements within the requirements engineering discipline by organising the security knowledge to form heavy weight ontology which include concepts, concept taxonomies, relationships, properties, axioms and constraints. This ontology provides capabilities such as IS security management, traceability and reuse. OWL protégé 3.3.1 editor was used for the ontology coding. The results of its adoption in capturing safeguard requirements of healthcare IS were also discussed.

O. T. Arogundade,A. T. Akinwale,Z. Jin,X. G. Yang

DOI: https://doi.org/10.1080/19393555.2011.652290

2012-01-01

Abstract:ABSTRACT Misuse cases are currently used to identify safety and security threats and subsequently capture safety and security requirements. There is limited consensus to the precise meaning of the basic terminology used for use/misuse case concepts. This paper delves into the use of ontology for the formal representation of the use-misuse case domain knowledge for eliciting safety and security requirements. We classify misuse cases into different category to reflect different type of misusers. This will allow participants during the requirement engineering stage to have a common understanding of the problem domain. We enhanced the misuse case domain to include abusive misuse case and vulnerable use case in order to boost the elicitation of safety requirements. The proposed ontological approach will allow developer to share and reuse the knowledge represented in the ontology thereby avoiding ambiguity and inconsistency in capturing safety and security requirements. OWL protégé 3.3.1 editor was used for the ontology coding. An illustration of the use of the ontology is given with examples from the health care information system.

Romil Rawat

DOI: https://doi.org/10.1007/s41870-022-00934-9

2022-05-02

International Journal of Information Technology

Abstract:The backbone of the semantic web is ontology, dealing with the context of details associated with a specific domain. Domain ontology (DO) is an important source of information for knowledge-based systems. Nonetheless, developing DO is a time-consuming procedure that is heavily reliant on the developer&#x27;s expertise. Here, a novel semi-automated technique for creating Ontologies in the terrorism domain is suggested. Terrorism actions provide critical information that can be used to improve a country&#x27;s security system. To obtain the most up-to-date knowledge of the domain, online social network (OSN) data, specifically Twitter text data, is retrieved, and then concepts and associated relationships are recognized and mapped through formal concept analysis (FCA). The fluent editor tool (FET) displays a number of user-defined associations. Knowledge is also extracted using a query-based approach and a reasoner window in the FET. The created DO is broadcast on the web using an ontology web language (OWL) that may be used in a variety of other applications. The suggested work is notable because it creates broad-coverage DO for the terrorist domain using a tool called Fluent Editor (FE) instead of the typical tool (protégé), and semantic information is retrieved with 100% correctness, similar to a query-based search system (QBS).

Dandan Wu,Jie Chen,Ruiyun Xie,Ke Chen

DOI: https://doi.org/10.1631/fitee.2300662

IF: 2.526

2024-10-01

Frontiers of Information Technology & Electronic Engineering

Abstract:The construction of an integrated solution for cyberspace defense with dynamic, flexible, and intelligent features is a new idea. To solve the problem whereby traditional static protection methods cannot respond to various network attacks or security demands in an adversarial network environment in time, and to form a complete integrated solution from "threat discovery" to "decision-making generation," we propose an ontology-based security model, OntoCSD, for an integrated solution of cyberspace defense that uses Web ontology language (OWL) to represent the ontology classes and relationships of threat monitoring, decision-making, response, and defense in cyberspace, and uses semantic Web rule language (SWRL) to design the defensive reasoning rules. OntoCSD can discover potential relationships among network attacks, vulnerabilities, the security state, and defense strategies. Further, an artificial intelligence (AI) expert system based on case-based reasoning (CBR) is used to quickly generate a detailed and comprehensive decision-making scheme. Finally, through Kendall's coefficient of concordance ( W ) and four experimental cases in a typical computer network defense (CND) system, which reasons on represented facts and the ontology, OntoCSD's consistency and its feasibility to solve the issues in the field of cyberspace defense are validated. OntoCSD supports automatic association and reasoning, and provides an integrated solution framework of cyberspace defense.

engineering, electrical & electronic,computer science, information systems, software engineering

Hussain Aldawood,Geoffrey Skinner

DOI: https://doi.org/10.1109/tale.2018.8615162

2018-12-01

Abstract:Social engineering, due in part to the increasing popularity and advancements in information technology and ubiquity of devices, has emerged as one of the most challenging cyber security threats in the contemporary age. In the context of cyber security, social engineering is the practice of taking advantage of human weaknesses through manipulation to accomplish a malicious goal. This literature review identifies various social engineering cyber security threats in diverse environments. Exploiting humans as the weakest security link in such environments, as opposed to technical vulnerabilities and system protocols, has led to increased calls for raising information security awareness among users. One of the most straightforward solutions is through effective training and education programs. As such, the paper details how innovative information security education programs can effectively increase user/employee awareness and ultimately reduce cyber security incidents.