Defending against social engineering attacks: A security pattern‐based analysis framework
Abstract Social engineering attacks are a growing threat to modern complex systems. Increasingly, attackers are exploiting people's "vulnerabilities" to carry out social engineering attacks for malicious purposes. Although such a severe threat has attracted the attention of academia a...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2023-07-01
|
| Series: | IET Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ise2.12125 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832558495467044864 |
|---|---|
| author | Tong Li Chuanyong Song Qinyu Pang |
| author_facet | Tong Li Chuanyong Song Qinyu Pang |
| author_sort | Tong Li |
| collection | DOAJ |
| description | Abstract Social engineering attacks are a growing threat to modern complex systems. Increasingly, attackers are exploiting people's "vulnerabilities" to carry out social engineering attacks for malicious purposes. Although such a severe threat has attracted the attention of academia and industry, it is challenging to propose a comprehensive and practical set of countermeasures to protect systems from social engineering attacks due to its interdisciplinary nature. Moreover, the existing social engineering defence research is highly dependent on manual analysis, which is time‐consuming and labour‐intensive and cannot solve practical problems efficiently and pragmatically. This paper proposes a systematic approach to generate countermeasures based on a typical social engineering attack process. Specifically, we systematically ‘attack’ each step of social engineering attacks to prevent, mitigate, or eliminate them, resulting in 62 countermeasures. We have designed a set of social engineering security patterns that encapsulate relevant security knowledge to provide practical assistance in the defence analysis of social engineering attacks. Finally, we present an automatic analysis framework for applying social engineering security patterns. We applied the case study method and performed semi‐structured interviews with nine participants to evaluate our proposal, showing that our approach effectively defended against social engineering attacks. |
| format | Article |
| id | doaj-art-0781f74b56c847ba8153a9c40039180b |
| institution | Kabale University |
| issn | 1751-8709 1751-8717 |
| language | English |
| publishDate | 2023-07-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-0781f74b56c847ba8153a9c40039180b2025-02-03T01:32:08ZengWileyIET Information Security1751-87091751-87172023-07-0117470372610.1049/ise2.12125Defending against social engineering attacks: A security pattern‐based analysis frameworkTong Li0Chuanyong Song1Qinyu Pang2Beijing University of Technology Beijing ChinaBeijing University of Technology Beijing ChinaBeijing University of Technology Beijing ChinaAbstract Social engineering attacks are a growing threat to modern complex systems. Increasingly, attackers are exploiting people's "vulnerabilities" to carry out social engineering attacks for malicious purposes. Although such a severe threat has attracted the attention of academia and industry, it is challenging to propose a comprehensive and practical set of countermeasures to protect systems from social engineering attacks due to its interdisciplinary nature. Moreover, the existing social engineering defence research is highly dependent on manual analysis, which is time‐consuming and labour‐intensive and cannot solve practical problems efficiently and pragmatically. This paper proposes a systematic approach to generate countermeasures based on a typical social engineering attack process. Specifically, we systematically ‘attack’ each step of social engineering attacks to prevent, mitigate, or eliminate them, resulting in 62 countermeasures. We have designed a set of social engineering security patterns that encapsulate relevant security knowledge to provide practical assistance in the defence analysis of social engineering attacks. Finally, we present an automatic analysis framework for applying social engineering security patterns. We applied the case study method and performed semi‐structured interviews with nine participants to evaluate our proposal, showing that our approach effectively defended against social engineering attacks.https://doi.org/10.1049/ise2.12125fraudpattern matchingpersonnel |
| spellingShingle | Tong Li Chuanyong Song Qinyu Pang Defending against social engineering attacks: A security pattern‐based analysis framework IET Information Security fraud pattern matching personnel |
| title | Defending against social engineering attacks: A security pattern‐based analysis framework |
| title_full | Defending against social engineering attacks: A security pattern‐based analysis framework |
| title_fullStr | Defending against social engineering attacks: A security pattern‐based analysis framework |
| title_full_unstemmed | Defending against social engineering attacks: A security pattern‐based analysis framework |
| title_short | Defending against social engineering attacks: A security pattern‐based analysis framework |
| title_sort | defending against social engineering attacks a security pattern based analysis framework |
| topic | fraud pattern matching personnel |
| url | https://doi.org/10.1049/ise2.12125 |
| work_keys_str_mv | AT tongli defendingagainstsocialengineeringattacksasecuritypatternbasedanalysisframework AT chuanyongsong defendingagainstsocialengineeringattacksasecuritypatternbasedanalysisframework AT qinyupang defendingagainstsocialengineeringattacksasecuritypatternbasedanalysisframework |