Analysis of Social Engineering Threats with Attack Graphs
نویسندگان
چکیده
Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap. While some research exists for classifying and analysing social engineering attacks, the integration of social engineering attackers with other attackers such as software or network ones is missing so far. In this paper, we propose to consider social engineering exploits together with technical vulnerabilities. We introduce a method for the integration of social engineering exploits into attack graphs and propose a simple quantitative analysis of the graphs that helps to develop a comprehensive defensive strategy.
منابع مشابه
Cyber Threats Foresight Against Iran Based on Attack Vector
Cyber threats have been extraordinary increased in recent years. Cyber attackers, including government agencies or hackers, have made significant advances in the use of various tools for attacking target systems in some countries particularly on Islamic republic of Iran. The complexity of cyber threats and the devastating effects of them on critical systems highlights necessity of cyber thr...
متن کاملAn Ant Colony Optimization Algorithm for Network Vulnerability Analysis
Intruders often combine exploits against multiple vulnerabilities in order to break into the system. Each attack scenario is a sequence of exploits launched by an intruder that leads to an undesirable state such as access to a database, service disruption, etc. The collection of possible attack scenarios in a computer network can be represented by a directed graph, called network attack gra...
متن کاملA particle swarm optimization algorithm for minimization analysis of cost-sensitive attack graphs
To prevent an exploit, the security analyst must implement a suitable countermeasure. In this paper, we consider cost-sensitive attack graphs (CAGs) for network vulnerability analysis. In these attack graphs, a weight is assigned to each countermeasure to represent the cost of its implementation. There may be multiple countermeasures with different weights for preventing a single exploit. Also,...
متن کاملSecure Collaborative Spectrum Sensing in the Presence of Primary User Emulation Attack in Cognitive Radio Networks
Collaborative Spectrum Sensing (CSS) is an effective approach to improve the detection performance in Cognitive Radio (CR) networks. Inherent characteristics of the CR have imposed some additional security threats to the networks. One of the common threats is Primary User Emulation Attack (PUEA). In PUEA, some malicious users try to imitate primary signal characteristics and defraud the CR user...
متن کاملAn Evolutionary Approach of Attack Graphs and Attack Trees: A Survey of Attack Modeling
The advancement of modern day computing has led to an increase of threats and intrusions. As a result, advanced security measures and threat analysis models are necessary to detect these threats and identify protective measures needed to secure a system. The most popular forms of attack modeling today are attack graphs and attack trees. This literature summarizes the different approaches throug...
متن کامل