Towards an Automated Recognition System for Chat-based Social Engineering Attacks in Enterprise Environments

Tsinganos, Nikolaos; Sakellariou, Georgios; Fouliras, Panayotis; Mavridis, Ioannis

doi:10.1145/3230833.3233277

Cited by 21 publications

(24 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By focusing on three unique components, this review aims to incorporate the concept of invisible security, that it, the automation of selective cyber security tasks, whilst maintaining the ability of the human user to remain in the loop and utilise collaborative intelligence between the human and the technology to further the cyber security domain. Historically, users are considered as the weakest link within cyber security ( Tsinganos et al, 2018 ), although they are not always to blame for security compromises ( Adams and Sasse, 1999 ). The effectiveness of too many cyber security measures are questioned in the wake of hard hitting security events, and there is a definite stigma attached to users in cyber space, particularly as a result of numerous cyber security events and breaches following on poor cyber behaviors of users.…”

Section: Discussionmentioning

confidence: 99%

User, Usage and Usability: Redefining Human Centric Cyber Security

Grobler¹,

Gaire²,

Nepal³

2021

Front. Big Data

View full text Add to dashboard Cite

The effectiveness of cyber security measures are often questioned in the wake of hard hitting security events. Despite much work being done in the field of cyber security, most of the focus seems to be concentrated on system usage. In this paper, we survey advancements made in the development and design of the human centric cyber security domain. We explore the increasing complexity of cyber security with a wider perspective, defining user, usage and usability (3U’s) as three essential components for cyber security consideration, and classify developmental efforts through existing research works based on the human centric security design, implementation and deployment of these components. Particularly, the focus is on studies that specifically illustrate the shift in paradigm from functional and usage centred cyber security, to user centred cyber security by considering the human aspects of users. The aim of this survey is to provide both users and system designers with insights into the workings and applications of human centric cyber security.

show abstract

Section: Discussionmentioning

confidence: 99%

User, Usage and Usability: Redefining Human Centric Cyber Security

Grobler¹,

Gaire²,

Nepal³

2021

Front. Big Data

View full text Add to dashboard Cite

show abstract

“…Other proposed solutions such as [1] and [9] use complex state machines to map pathways that can be followed in order to mitigate an attack. The work in [3] is good in terms of a small survey on social engineering attacks by providing a relatively comprehensive background on them and on potential solutions. In [10] the authors provide an approach based on semantics of dialogues to detect social engineering attacks.…”

Section: Related Workmentioning

confidence: 99%

“…That's the main reason why these types of attacks are highly employed and are attractive to applied to others. In the past there were various approaches arguing theoretically that social engineering detection is important [1][2][3][4]. Apart from those there are some practical works based on natural language processing (NLP) and machine learning, including neural networks [5][6].…”

Section: Introductionmentioning

confidence: 99%

SEADer++ v2: Detecting Social Engineering Attacks using Natural Language Processing and Machine Learning

Lansley

Kapetanakis

Polatidis

2020

2020 International Conference on INnovations in Intelligent SysTems and Applications (INISTA)

View full text Add to dashboard Cite

Social engineering attacks are well known attacks in the cyberspace and relatively easy to try and implement because no technical knowledge is required. In various online environments such as business domains where customers talk through a chat service with employees or in social networks potential hackers can try to manipulate other people by employing social attacks against them to gain information that will benefit them in future attacks. Thus, we have used a number of natural language processing steps and a machine learning algorithm to identify potential attacks. The proposed method has been tested on a semi-synthetic dataset and it is shown to be both practical and effective.

show abstract

“…For example, a new set of attack instances are identified to allow IDS able to detect possible new type of intrusion. In decision making system, attack recognition is used to analyze user action in order to determine their goal or result [18][19][20]. Based on the output, an appropriate response is proposed to the user.…”

Section: Telkomnikatelecommun Comput El Controlmentioning

confidence: 99%

Vulnerabilities detection using attack recognition technique in multi-factor authentication

et al. 2020

View full text Add to dashboard Cite

Authentication is one of the essentials components of information security. It has become one of the most basic security requirements for network communication. Today, there is a necessity for a strong level of authentication to guarantee a significant level of security is being conveyed to the application. As such, it expedites challenging issues on security and efficiency. Security issues such as privacy and data integrity emerge because of the absence of control and authority. In addition, the bigger issue for multi-factor authentication is on the high execution time that leads to overall performance degradation. Most of existing studies related to multi-factor authentication schemes does not detect weaknesses based on user behavior. Most recent research does not look at the efficiency of the system by focusing only on improving the security aspect of authentication. Hence, this research proposes a new multi-factor authentication scheme that can withstand attacks, based on user behavior and maintaining optimum efficiency. Experiments have been conducted to evaluate this scheme. The results of the experiment show that the processing time of the proposed scheme is lower than the processing time of other schemes. This is particularly important after additional security features have been added to the scheme.

show abstract

Towards an Automated Recognition System for Chat-based Social Engineering Attacks in Enterprise Environments

Cited by 21 publications

References 23 publications

User, Usage and Usability: Redefining Human Centric Cyber Security

User, Usage and Usability: Redefining Human Centric Cyber Security

SEADer++ v2: Detecting Social Engineering Attacks using Natural Language Processing and Machine Learning

Vulnerabilities detection using attack recognition technique in multi-factor authentication

Contact Info

Product

Resources

About