Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods

Wang, Zuoguang; Zhu, Hongsong; Sun, Limin

doi:10.1109/access.2021.3051633

Cited by 85 publications

(38 citation statements)

References 66 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In general, human vulnerabilities in social engineering fall into four aspects: 1) cognition and knowledge, 2) behavior and habit, 3) emotion and feeling, and 4) psychological vulnerabilities. And the psychological vulnerabilities can be further divided into three levels: 1) human nature, 2) personality trait and 3) individual character from the evolution perspective of human wholeness to individuation [15]. Following is a non-exhaustive list of human vulnerabilities, which contains 43 instances of these six categories.…”

Section: Human Vulnerabilitymentioning

confidence: 99%

Social engineering in cybersecurity: a domain ontology and knowledge graph application examples

Wang

Zhu

et al. 2021

Cybersecur

Self Cite

View full text Add to dashboard Cite

Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks.

show abstract

Section: Human Vulnerabilitymentioning

confidence: 99%

Social engineering in cybersecurity: a domain ontology and knowledge graph application examples

Wang

Zhu

et al. 2021

Cybersecur

Self Cite

View full text Add to dashboard Cite

show abstract

“…Figure 1 shows the systematization of immunization means [7,[19][20][21]. There are two modes of immunization: prophylactic and probabilistic.…”

Section: Means Modes and Mechanisms Of Immunizationmentioning

confidence: 99%

Modelling Artificial Immunization Processes to Counter Cyberthreats

2021

View full text Add to dashboard Cite

This paper looks at the problem of cybersecurity in modern cyber-physical and information systems and proposes an immune-like approach to the information security of modern complex systems. This approach is based on the mathematical modeling in information security—in particular, the use of immune methods to protect several critical system nodes from a predetermined range of attacks, and to minimize the success of an attack on the system. The methodological approach is to systematize the tasks, means and modes of immunization to describe how modern systems can counter the spread of computer attacks. The main conclusions and recommendations are that using an immunization approach will not only improve the security of systems, but also define principles for building systems that are resistant to cyber attacks. The immunization approach enables a symmetrical response to an intruder in a protected system to be produced rapidly. This symmetry provides a step-by-step neutralization of all stages of a cyber attack, which, combined with the accumulation of knowledge of the attacker’s actions, allows a base of defensive responses to be generated for various cyber attack scenarios. The theoretical conclusions are supported by practical experiments describing real-world scenarios for the use of immunization tools to protect against cyber threats.

show abstract

“…We can classify human vulnerabilities into acquired vulnerabilities (e.g., lack of security awareness and noncompliance) and innate ones (e.g., bounded attention and rationality) based on whether they can be mitigated through short-term training and security rules. Many works (e.g., [11], [13], [26]) have emphasized the urgency and necessity to reduce acquired human vulnerability and proposed human-assistive strategies. However, few works have focused on mitigation strategies for innate vulnerabilities.…”

Section: B Feint Attacks and Human Attentional Modelsmentioning

confidence: 99%

RADAMS: Resilient and Adaptive Alert and Attention Management Strategy against Informational Denial-of-Service (IDoS) Attacks

Huang,

Zhu

2021

Preprint

View full text Add to dashboard Cite

Attacks exploiting human attentional vulnerability have posed severe threats to cybersecurity. In this work, we identify and formally define a new type of proactive attentional attacks called Informational Denial-of-Service (IDoS) attacks that generate a large volume of feint attacks to overload human operators and hide real attacks among feints. We incorporate human factors (e.g., levels of expertise, stress, and efficiency) and empirical results (e.g., the Yerkes-Dodson law and the sunk cost fallacy) to model the operators' attention dynamics and their decision-making processes along with the real-time alert monitoring and inspection. To assist human operators in timely and accurately dismissing the feints and escalating the real attacks, we develop a Resilient and Adaptive Data-driven alert and Attention Management Strategy (RADAMS) that deemphasizes alerts selectively based on the alerts' observable features. RADAMS uses reinforcement learning to achieve a customized and transferable design for various human operators and evolving IDoS attacks. The integrated modeling and theoretical analysis lead to the Product Principle of Attention (PPoA), fundamental limits, and the tradeoff among crucial human and economic factors. Experimental results corroborate that the proposed strategy outperforms the default strategy and can reduce the IDoS risk by as much as 20%. Besides, the strategy is resilient to large variations of costs, attack frequencies, and human attention capacities. We have recognized interesting phenomena such as attentional risk equivalency, attacker's dilemma, and the half-truth optimal attack strategy.

show abstract

Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods

Cited by 85 publications

References 66 publications

Social engineering in cybersecurity: a domain ontology and knowledge graph application examples

Social engineering in cybersecurity: a domain ontology and knowledge graph application examples

Modelling Artificial Immunization Processes to Counter Cyberthreats

RADAMS: Resilient and Adaptive Alert and Attention Management Strategy against Informational Denial-of-Service (IDoS) Attacks

Contact Info

Product

Resources

About