Analysis of Social Engineering Threats with Attack Graphs

نویسندگان

  • Kristian Beckers
  • Leanid Krautsevich
  • Artsiom Yautsiukhin
چکیده

Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap. While some research exists for classifying and analysing social engineering attacks, the integration of social engineering attackers with other attackers such as software or network ones is missing so far. In this paper, we propose to consider social engineering exploits together with technical vulnerabilities. We introduce a method for the integration of social engineering exploits into attack graphs and propose a simple quantitative analysis of the graphs that helps to develop a comprehensive defensive strategy.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Cyber Threats Foresight Against Iran Based on Attack Vector

Cyber ​​threats have been extraordinary increased in recent years. Cyber ​​attackers, including government agencies or hackers, have made significant advances in the use of various tools for attacking target systems in some countries particularly on Islamic republic of Iran. The complexity of cyber threats and the devastating effects of them on critical systems highlights necessity of cyber thr...

متن کامل

An Ant Colony Optimization Algorithm for Network Vulnerability Analysis

Intruders often combine exploits against multiple vulnerabilities in order to break into the system. Each attack scenario is a sequence of exploits launched by an intruder that leads to an undesirable state such as access to a database, service disruption, etc. The collection of possible attack scenarios in a computer network can be represented by a directed graph, called network attack gra...

متن کامل

A particle swarm optimization algorithm for minimization analysis of cost-sensitive attack graphs

To prevent an exploit, the security analyst must implement a suitable countermeasure. In this paper, we consider cost-sensitive attack graphs (CAGs) for network vulnerability analysis. In these attack graphs, a weight is assigned to each countermeasure to represent the cost of its implementation. There may be multiple countermeasures with different weights for preventing a single exploit. Also,...

متن کامل

Secure Collaborative Spectrum Sensing in the Presence of Primary User Emulation Attack in Cognitive Radio Networks

Collaborative Spectrum Sensing (CSS) is an effective approach to improve the detection performance in Cognitive Radio (CR) networks. Inherent characteristics of the CR have imposed some additional security threats to the networks. One of the common threats is Primary User Emulation Attack (PUEA). In PUEA, some malicious users try to imitate primary signal characteristics and defraud the CR user...

متن کامل

An Evolutionary Approach of Attack Graphs and Attack Trees: A Survey of Attack Modeling

The advancement of modern day computing has led to an increase of threats and intrusions. As a result, advanced security measures and threat analysis models are necessary to detect these threats and identify protective measures needed to secure a system. The most popular forms of attack modeling today are attack graphs and attack trees. This literature summarizes the different approaches throug...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2014