An Approach to Estimating of Criticality of Social Engineering Attacks Traces

Khlobystova, Anastasiia O.; Abramov, Maxim V.; Tulupyev, Alexander L.

doi:10.1007/978-3-030-12072-6_36

Cited by 11 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, if the damage did not cause, the actions of the social engineer do not violate the law, although it blame for non-compliance with ethics [15]. In a situation where a social engineer obtained (or made an attempt to obtain) access to confidential information, even without using it and not causing damage by his actions, the actions are unlawful due to the impact applied to the object [16]. To illustrate the qualifying attributes of social engineering, a matrix was drawn up by which it can be established in which combinations the actions of the social engineer are unlawful (harmful) in nature (Table 1).…”

Section: Resultsmentioning

confidence: 99%

Social engineering in the context of ensuring information security

et al. 2019

View full text Add to dashboard Cite

The paper presents the main key features of social engineering and a social engineer activity. Emphasis is placed on the study of social engineering techniques in the system of human-machine interaction used to implement the illegal (malicious) manipulation of human behavior patterns. The matrix of social engineering qualification criteria and the map of information security risks caused by social engineer actions were built. IntroductionThe practice of human-machine interaction (HMI) makes increasingly high demands on the level of information security. This process is like an eternal dispute -what is stronger, a sword or a shield. The evolution of information protection methods reflects the evolution of unauthorized data access methods [1]. Nowadays people are actively embedding computers in their environment; they are trying to make the computer more "human", the level of computer dependence on the outside world also increases with the development of networks [2,3]. On the other hand, the human factor continues to be the least controlled element of HMI [4], which, in turn, according to the modern information and communication technologies development creates not only new opportunities, but also new risks [5]. As a result, the number of information security [6] vulnerability factors increases. Someday, a computer will learn how to evaluate human behavior [7,8] and make decisions based on the results of cognitive processes analysis, considering the value and semantic aspects of personality behavior. Consequently, we are waiting for a new evolutionary leap in the confrontation of "sword and shield". But, so long as a person is only understandable by the other person, the social engineering knowledge will be in demand [9]. qualitative terms of "probability" and "impact" on the risk object dispersed in an ascending order.

show abstract

Section: Resultsmentioning

confidence: 99%

Social engineering in the context of ensuring information security

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Kotenko et al, 22 Aldawood and Skinner, 23 Conteh et al 24 Network security Network security impacts social engineering attacks Aldawood and Skinner, 23 Khlobystova et al, 25 Saleem and Hammoudeh, 5 Fan et al 26 Organizational security policy Organizational security policy impacts social engineering attacks Matyokurehwa et al, 10 Aldawood and Skinner, 23 Airehrour et al 18 Social engineering awareness Social engineering awareness impacts social engineering attacks Lohani, 27 Ghasemi et al, 28 Conteh 24 Human being (Target and Attacker) Human beings impact social engineering attacks Del Pozo Falconí, 19 Alneami, 13 Round 2 listed the factors in alphabetical order that organizations need to consider in mitigating social engineering attacks now and in future from the experts. Round 2 asked the university experts to rank the factors in order of their importance from the most important factor to the least important factor.…”

Section: Author Construct Contributionmentioning

confidence: 99%

Enhanced social engineering framework mitigating against social engineering attacks in higher education

Matyokurehwa

Rudhumbu

Gombiro

et al. 2022

Security and Privacy

View full text Add to dashboard Cite

The purpose of this paper was to develop and validate an enhanced social engineering framework to mitigate against social engineering attacks. The study formulated a theoretical framework which was informed by the strengths and weaknesses of existing social engineering frameworks, the framework was also guided by the Dhillon's balanced control theory. The theoretical framework was validated by experts using the Delphi technique which comprised of three rounds. A sample of 25 experts from three higher education institutions which met the inclusion criteria were selected. The study was guided by the interpretivism philosophy to get a deep understanding of the phenomenon under study. The findings reveal that social engineering awareness, organizational security policy and Internet of Things (IOT) security succor in reducing social engineering attacks. The findings from this study will be utilized by decision makers in higher education sector to come up with engaging social engineering training programs, set up an organizational security policy and preclude IOT attacks to mitigate social engineering attacks in higher education. The study contributes to the field of social engineering with an enhanced social engineering framework that mitigate against social engineering attacks. The study adds to under-represented social engineering framework in higher education.

show abstract

“…In recent years, networks have become part of everyday life, and because of this, they became of high interest to researchers. With the development of computer science, large graphs took on essential roles in many scientific areas such as biology [1], chemistry [2], computer science [3], social engineering [4,5], marketing [6,7] or controlling disease spread. Nowadays, the use of graph databases is also becoming more common and popular, since many areas can take advantage of the benefits provided by graph structure and graph databases.…”

Section: Introductionmentioning

confidence: 99%

An Experimental Study on Centrality Measures Using Clustering

2021

View full text Add to dashboard Cite

Graphs can be found in almost every part of modern life: social networks, road networks, biology, and so on. Finding the most important node is a vital issue. Up to this date, numerous centrality measures were proposed to address this problem; however, each has its drawbacks, for example, not scaling well on large graphs. In this paper, we investigate the ranking efficiency and the execution time of a method that uses graph clustering to reduce the time that is needed to define the vital nodes. With graph clustering, the neighboring nodes representing communities are selected into groups. These groups are then used to create subgraphs from the original graph, which are smaller and easier to measure. To classify the efficiency, we investigate different aspects of accuracy. First, we compare the top 10 nodes that resulted from the original closeness and betweenness methods with the nodes that resulted from the use of this method. Then, we examine what percentage of the first n nodes are equal between the original and the clustered ranking. Centrality measures also assign a value to each node, so lastly we investigate the sum of the centrality values of the top n nodes. We also evaluate the runtime of the investigated method, and the original measures in plain implementation, with the use of a graph database. Based on our experiments, our method greatly reduces the time consumption of the investigated centrality measures, especially in the case of the Louvain algorithm. The first experiment regarding the accuracy yielded that the examination of the top 10 nodes is not good enough to properly evaluate the precision. The second experiment showed that the investigated algorithm in par with the Paris algorithm has around 45–60% accuracy in the case of betweenness centrality. On the other hand, the last experiment resulted that the investigated method has great accuracy in the case of closeness centrality especially in the case of Louvain clustering algorithm.

show abstract

An Approach to Estimating of Criticality of Social Engineering Attacks Traces

Cited by 11 publications

References 21 publications

Social engineering in the context of ensuring information security

Social engineering in the context of ensuring information security

Enhanced social engineering framework mitigating against social engineering attacks in higher education

An Experimental Study on Centrality Measures Using Clustering

Contact Info

Product

Resources

About