Social engineering in cybersecurity: a domain ontology and knowledge graph application examples

Wang, Zuoguang; Zhu, Hongsong; Li, Peipei; Sun, Limin

doi:10.1186/s42400-021-00094-6

Cited by 31 publications

(16 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Collaboration between ontology and knowledge graphs can find potential attackers, targets and attack paths, and social engineering threat elements such as human vulnerabilities and attack media. Research Wang et al [68] needs to be validated in actual cases to strengthen the study results further.…”

Section: ) Evaluation Social Engineering Modelmentioning

confidence: 97%

See 1 more Smart Citation

Social Engineering Attacks Prevention: A Systematic Literature Review

et al. 2022

View full text Add to dashboard Cite

Social engineering is an attack on information security for accessing systems or networks. Social engineering attacks occur when victims do not recognize methods, models, and frameworks to prevent them. The current research explains user studies, constructs, evaluation, concepts, frameworks, models, and methods to prevent social engineering attacks. Unfortunately, there is no specific previous research on preventing social engineering attacks that effectively and systematically analyze it. Current prevention methods, models, and frameworks of social engineering attacks include health campaigns, human as security sensor frameworks, user-centric frameworks, and user vulnerability models. The human as a security sensor framework needs guidance that will explore cybersecurity as super-recognizers, likely policing act for a secure system. This paper intends to critically and rigorously review prior literature on the prevention methods, models, and frameworks of social engineering attacks. We conducted a systematic literature review based on Bryman & Bell's literature review method. We found a new approach in addition to methods, frameworks, models and evaluations to prevent social engineering attacks based on our review, which is using a protocol. We found the protocol to effectively prevent social engineering attacks, such as health campaigns, the vulnerability of social engineering victims, and co-utile protocol, which can manage information sharing on a social network. We present this systematic literature review to recommend ways to prevent social engineering attacks.INDEX TERMS Social engineering attacks prevention, systematic literature review.

show abstract

Section: ) Evaluation Social Engineering Modelmentioning

confidence: 97%

“…Wang et al [68] built a social engineering ontology domain in the cybersecurity field, then evaluated the domain. It also builds a knowledge graph based on 15 incidents and social engineering attack scenarios.…”

Section: ) Evaluation Social Engineering Modelmentioning

confidence: 99%

Social Engineering Attacks Prevention: A Systematic Literature Review

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Various security ontological models are expanded with conceptualizations of diverse information. For example, Wang et al developed an ontology regarding social engineering attacks, including eleven core entity types and twenty-two relevant relations [11]. For the same purpose of automatically identifying security risks in the ICS, an ontology presented by Eckhart et al combined with a transformation from the Automation Markup Language (Automation-ML) to Web Ontology Language (OWL) [5], and a hybrid ontology proposed by Alanen et al harmonized concepts among safety, security, and dependability on the basis of current industry standards to assist in the threat analysis [12].…”

Section: Security Domain-specific Kgsmentioning

confidence: 99%

“…Input: target entity e t , maximum path length max_p_len, query relation vector q_r_vec Output: critical path set cri_p_set (1) function DFS_SIM (cur_rela, cur_ent, cur_p_rela, cur_p_ent, cur_p_vec, last_sim, last_len, e t , max_p_len, q_r_vec, cri_p_set) (2) append current relation cur_rela to the list of current path relation cur_p_rela (3) append current entity cur_ent to the list of current path entity list cur_p_ent (4) get the vector of cur_rela and record it as cur_rela_vec (5) cur_p_vec ← cur_p_vec + cur_rela_vec (6) calculate the length of cur_p_vec and record it as cur_len (7) calculate the similarity cur_sim between cur_p_vec and q_r_vec as described in Eq. ( 3) (8) if cur_ent is e t then (9) add cur_p_rela into cri_p_set (10) remove the last elements from cur_p_rela and cur_p_ent (11) end if (12) if cur_len := max_p_len and cur_ent is not e t then (13) remove the last elements from cur_p_rela and cur_p_ent (14) end if (15) if cur_sim > last_sim and cur_len > last_len then (Continued)…”

Section: Algorithm 1: Critical Relation Path Depth-first Search With ...mentioning

confidence: 99%

Critical Relation Path Aggregation-Based Industrial Control Component Exploitable Vulnerability Reasoning

Wang¹,

Huo²,

Zhang³

et al. 2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

“…Moral influence/social responsibility [41] SE attacks use moral influence or social responsibility in two ways. One way is that the foe exploits the victim's helpful nature to extract information or to gain favor to facilitate the attack.…”

Section: Types Of Social Influence Descriptionmentioning

confidence: 99%

A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures

2022

View full text Add to dashboard Cite

As cybersecurity strategies become more robust and challenging, cybercriminals are mutating cyberattacks to be more evasive. Recent studies have highlighted the use of social engineering by criminals to exploit the human factor in an organization’s security architecture. Social engineering attacks exploit specific human attributes and psychology to bypass technical security measures for malicious acts. Social engineering is becoming a pervasive approach used for compromising individuals and organizations (is relatively more convenient to compromise a human compared to discovering a vulnerability in the security system). Social engineering-based cyberattacks are extremely difficult to counter as they do not follow specific patterns or approaches for conducting an attack, making them highly effective, efficient, easy, and obscure approaches for compromising any organization. To counter such attacks, a better understanding of the attack tactics is highly essential. Hence, this paper provides an in-depth analysis of the approaches used to conduct social engineering-based cyberattacks. This study discusses human vulnerabilities employed by criminals in recent security breaches. Further, the paper highlights the existing approaches, including machine learning-based methods, to counter social engineering-based cyberattacks.

show abstract

Social engineering in cybersecurity: a domain ontology and knowledge graph application examples

Cited by 31 publications

References 8 publications

Social Engineering Attacks Prevention: A Systematic Literature Review

Social Engineering Attacks Prevention: A Systematic Literature Review

Critical Relation Path Aggregation-Based Industrial Control Component Exploitable Vulnerability Reasoning

A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures

Contact Info

Product

Resources

About