Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations

Fan, Wenjun; Kevin, Lwakatare y Rong, Rong (2017). Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations. "I. J. Computer Network and Information Security", v. 9 (n. 1); pp. 1-11. https://doi.org/10.5815/ijcnis.2017.01.01.

Descripción

Título: Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations
Autor/es:
  • Fan, Wenjun
  • Kevin, Lwakatare
  • Rong, Rong
Tipo de Documento: Artículo
Título de Revista/Publicación: I. J. Computer Network and Information Security
Fecha: 8 Enero 2017
Volumen: 9
Materias:
Palabras Clave Informales: —Social Engineering, Semantic Attacks, Information Security, Data Privacy, Hacking Techniques, Human Weaknesses.
Escuela: E.T.S.I. Telecomunicación (UPM)
Departamento: Ingeniería de Sistemas Telemáticos [hasta 2014]
Licencias Creative Commons: Reconocimiento

Texto completo

[img]
Vista Previa
PDF (Document Portable Format) - Se necesita un visor de ficheros PDF, como GSview, Xpdf o Adobe Acrobat Reader
Descargar (343kB) | Vista Previa

Resumen

Social engineering is the attack aimed to manipulate dupe to divulge sensitive information or take actions to help the adversary bypass the secure perimeter in front of the information-related resources so that the attacking goals can be completed. Though there are a number of security tools, such as firewalls and intrusion detection systems which are used to protect machines from being attacked, widely accepted mechanism to prevent dupe from fraud is lacking. However, the human element is often the weakest link of an information security chain, especially, in a human-centered environment. In this paper, we reveal that the human psychological weaknesses result in the main vulnerabilities that can be exploited by social engineering attacks. Also, we capture two essential levels, internal characteristics of human nature and external circumstance influences, to explore the root cause of the human weaknesses. We unveil that the internal characteristics of human nature can be converted into weaknesses by external circumstance influences. So, we propose the I-E based model of human weakness for social engineering investigation. Based on this model, we analyzed the vulnerabilities exploited by different techniques of social engineering, and also, we conclude several defense approaches to fix the human weaknesses. This work can help the security researchers to gain insights into social engineering from a different perspective, and in particular, enhance the current and future research on social engineering defense mechanisms.

Más información

ID de Registro: 45395
Identificador DC: http://oa.upm.es/45395/
Identificador OAI: oai:oa.upm.es:45395
Identificador DOI: 10.5815/ijcnis.2017.01.01
URL Oficial: http://www.mecs-press.org/ijcnis/ijcnis-v9-n1/IJCNIS-V9-N1-1.pdf
Depositado por: Wenjun Fan
Depositado el: 06 Abr 2017 07:30
Ultima Modificación: 06 Abr 2017 07:30
  • Open Access
  • Open Access
  • Sherpa-Romeo
    Compruebe si la revista anglosajona en la que ha publicado un artículo permite también su publicación en abierto.
  • Dulcinea
    Compruebe si la revista española en la que ha publicado un artículo permite también su publicación en abierto.
  • Recolecta
  • e-ciencia
  • Observatorio I+D+i UPM
  • OpenCourseWare UPM