Method of vulnerabilities analysis of socio-technical systems to the social engineering influences
DOI:
https://doi.org/10.20535/2411-1031.2020.8.1.218001
Abstract
Social engineering comes down to the interaction of an attacker with an employee of the organization. This interaction is aimed at obtaining confidential information and proceeds in four phases: studying, establishing interaction, gaining trust, and using trust. One example of a study of these phases is the social engineering optimizer, which separates the attacker (social engineer) from the defender (an employee of the organization). They are initialized as two random solutions, and the better of the two is interpreted as the attacker, who then follows social engineering methods to reach the goal. It remains to be taken into account, however, that during the interaction the social engineer manipulates the employee's consciousness and, as a consequence, gains sensitive information. Under the socio-engineering approach, the employee's vulnerabilities are interpreted as his or her weaknesses, needs, manias (passions), and admirations. This leads to a new model of the employee's behavior, which creates favorable conditions for realizing social engineering threats. These threats manifest as fraud, deception, scam, intrigue, hoax, and provocation. The social engineer intentionally influences the employee's mind against the employee's will, but with his or her consent. Therefore, it is important to take into account the psychological and personal qualities and the professional competencies of both parties when they interact. To take these qualities and competencies of the social engineer and of the employee into account, it is recommended that their interaction be represented by a social graph.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish in this collection agree to the following terms:
- The authors retain the right of authorship of their work and grant the collection the right of first publication of the work, which is licensed under the Creative Commons Attribution License; this license allows others to freely distribute the published work with an obligatory reference to the authors of the original work and to its first publication in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this anthology (for example, to place the work in an institution's digital repository or to publish it as part of a monograph), provided that the first publication of the work in this collection is referenced.
- The policy of the journal allows and encourages authors to post the manuscript of the work on the Internet (for example, in repositories or on personal web sites), both prior to submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see The Effect of Open Access).