A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

Heartfield, Ryan; Loukas, George

doi:10.1145/2835375

Cited by 142 publications

(91 citation statements)

References 110 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Most related studies have been constrained by small sample sizes and predictors that are difficult to generalise across a multitude of semantic attacks. To some extent, this is due to the fact that most researchers focus only on phishing attacks, which is only one section of the problem space [1]. Specialised training systems have been shown to work well [11], as well as technical models combining demographic and behavioural attributes [31], but they are application-specific and do not consider other deception vectors that might be employed in semantic attacks.…”

Section: Predicting Susceptibility a Related Workmentioning

confidence: 99%

“…Semantic social engineering attacks target the user-computer interface in order to deceive a user into performing an action that will breach a system's information security [1]. On any system, the user interface is always vulnerable to abuse by authorised users, with or without their knowledge.…”

Section: Introductionmentioning

confidence: 99%

“…Towards this vision, we have conducted two experiments with the participants being asked to tell whether particular exhibits show an attack or not. We have collected data regarding both the users and their performance in detecting attacks that employ different deception vectors [1] and have developed two prediction models. The first experiment helped identify high level predictors that can be measured ethically, automatically and in real-time, whilst being applicable across the wider Internet population; we define this study as stage 1.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

2016

Self Cite

View full text Add to dashboard Cite

Semantic social engineering attacks are a pervasive threat to computer and communication systems. By employing deception rather than by exploiting technical vulnerabilities, spear-phishing, obfuscated URLs, drive-by downloads, spoofed websites, scareware, and other attacks are able to circumvent traditional technical security controls and target the user directly. Our aim is to explore the feasibility of predicting user susceptibility to deception-based attacks through attributes that can be measured, preferably in real-time and in an automated manner. Toward this goal, we have conducted two experiments, the first on 4333 users recruited on the Internet, allowing us to identify useful high-level features through association rule mining, and the second on a smaller group of 315 users, allowing us to study these features in more detail. In both experiments, participants were presented with attack and non-attack exhibits and were tested in terms of their ability to distinguish between the two. Using the data collected, we have determined practical predictors of users' susceptibility against semantic attacks to produce and evaluate a logistic regression and a random forest prediction model, with the accuracy rates of .68 and .71, respectively. We have observed that security training makes a noticeable difference in a user's ability to detect deception attempts, with one of the most important features being the time since last self-study, while formal security education through lectures appears to be much less useful as a predictor. Other important features were computer literacy, familiarity, and frequency of access to a specific platform. Depending on an organisation's preferences, the models learned can be configured to minimise false positives or false negatives or maximise accuracy, based on a probability threshold. For both models, a threshold choice of 0.55 would keep both false positives and false negatives below 0.2.INDEX TERMS Security, cyber crime, social engineering, semantic attacks. 6910 2169-3536

show abstract

Section: Predicting Susceptibility a Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

2016

Self Cite

View full text Add to dashboard Cite

show abstract

“…Another recent novel taxonomy of SE attacks was proposed by Heartfield and Loukas [15]. It adopts three distinct control stages-orchestration, exploitation and execution, as the basic categories of the taxonomy.…”

Section: A Social Engineering Taxonomiesmentioning

confidence: 99%

Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations

Fan¹,

Lwakatare²,

Rong³

2017

IJCNIS

View full text Add to dashboard Cite

Abstract-Social engineering is the attack aimed to manipulate dupe to divulge sensitive information or take actions to help the adversary bypass the secure perimeter in front of the information-related resources so that the attacking goals can be completed. Though there are a number of security tools, such as firewalls and intrusion detection systems which are used to protect machines from being attacked, widely accepted mechanism to prevent dupe from fraud is lacking. However, the human element is often the weakest link of an information security chain, especially, in a human-centered environment. In this paper, we reveal that the human psychological weaknesses result in the main vulnerabilities that can be exploited by social engineering attacks. Also, we capture two essential levels, internal characteristics of human nature and external circumstance influences, to explore the root cause of the human weaknesses. We unveil that the internal characteristics of human nature can be converted into weaknesses by external circumstance influences. So, we propose the I-E based model of human weakness for social engineering investigation. Based on this model, we analyzed the vulnerabilities exploited by different techniques of social engineering, and also, we conclude several defense approaches to fix the human weaknesses. This work can help the security researchers to gain insights into social engineering from a different perspective, and in particular, enhance the current and future research on social engineering defense mechanisms.

show abstract

“…Specifically, in relation to social media, it is particularly important to be able to tell to what extent users can correctly detect and report deception-based security threats (R. Heartfield and G. Loukas, 2016). In this respect, the related work on user susceptibility to phishing and other semantic social engineering attacks is highly relevant.…”

Section: Related Workmentioning

confidence: 99%

Predicting the performance of users as human sensors of security threats in social media

Heartfield¹,

Loukas²

2016

IJCSA

Self Cite

View full text Add to dashboard Cite

While the human as a sensor concept has been utilised extensively for the detection of threats to safety and security in physical space, especially in emergency response and crime reporting, the concept is largely unexplored in the area of cyber security. Here, we evaluate the potential of utilising users as human sensors for the detection of cyber threats, specifically on social media. For this, we have conducted an online test and accompanying questionnairebased survey, which was taken by 4,457 users. The test included eight realistic social media scenarios (four attack and four non-attack) in the form of screenshots, which the participants were asked to categorise as "likely attack" or "likely not attack". We present the overall performance of human sensors in our experiment for each exhibit, and also apply logistic regression and Random Forest classifiers to evaluate the feasibility of predicting that performance based on different characteristics of the participants. Such prediction would be useful where accuracy of human sensors in detecting and reporting social media security threats is important. We identify features that are good predictors of a human sensor's performance and evaluate them in both a theoretical ideal case and two more realistic cases, the latter corresponding to limited access to a user's characteristics Keyword: -Social media, computer security, semantic attacks, phishing, social engineering, human as a sensor.

show abstract

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

Cited by 142 publications

References 110 publications

You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations

Predicting the performance of users as human sensors of security threats in social media

Contact Info

Product

Resources

About