Spelling suggestions: "subject:"cocial engineering attacks"" "subject:"cocial ingineering attacks""
1 |
An integrated intelligent approach to enhance the security control of it systems : a proactive approach to security control using artificial fuzzy logic to strengthen the authentication process and reduce the risk of phishingSalem, Omran S. A. January 2012 (has links)
Hacking information systems is continuously on the increase. Social engineering attacks is performed by manipulating the weakest link in the security chain; people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based in Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measures the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.
|
2 |
An Integrated Intelligent Approach to Enhance the Security Control of IT Systems. A Proactive Approach to Security Control Using Artificial Fuzzy Logic to Strengthen the Authentication Process and Reduce the Risk of PhishingSalem, Omran S.A. January 2012 (has links)
Hacking information systems is continuously on the increase. Social engineering
attacks is performed by manipulating the weakest link in the security chain; people.
Consequently, this type of attack has gained a higher rate of success than a technical
attack.
Based in Expert Systems, this study proposes a proactive and integrated
Intelligent Social Engineering Security Model to mitigate the human risk and reduce the
impact of social engineering attacks.
Many computer users do not have enough security knowledge to be able to
select a strong password for their authentication. The author has attempted to implement
a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is
being developed to evaluate password strength and measures the password strength
based on dictionary attack, time crack and shoulder surfing attack (social engineering).
A comparative study of existing tools used by major companies such as Microsoft,
Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and
tool.
A comprehensive literature survey and analytical study performed on phishing
emails representing social engineering attacks that are directly related to financial fraud
are presented and compared with other security threats. This research proposes a novel
approach that successfully addresses social engineering attacks. Another intelligent tool
is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source
code and providing an in-line awareness security feedback.
|
3 |
Identifying Resilience Against Social Engineering AttacksCerovic, Lazar January 2020 (has links)
Social engineering (SE) attacks are one of the most common cyber attacks and frauds, which causes a large economical destruction to individuals, companies and governments alike. The attacks are hard to protect from, since SE-attacks is based on exploiting human weaknesses. The goal of this study is to identify indicators of resilience against SE-attacks from individual computer space data, such as network settings, social media profiles, web browsing behaviour and more. This study is based on qualitative methods to collect information, analyse and evaluate data. Resilience is evaluated with models such as theory of planned behaviour and the big five personality traits, as well as personal and demographic information. Indicators of resilience were found in network settings such as service set identifiers (SSID) and routers, web history, social media use and more. The framework developed in this study could be expanded with more aspect of individual data and different evaluation criteria. Further studies can be done about this subject with tools such as artificial intelligence and machine learning. / Sociala manipulationer är bland de vanligaste cyber attackerna och bedrägerierna som orsakar enorma ekonomiska skador varje år för individer, företag och myndigheter. Dessa attacker är svåra att skydda ifrån då sociala manipulationer utnyttjar mänskliga svagheter som ett medel till att stjäla pengar eller information. Målet med studien är att identifiera indikatorer av motstånd mot sociala manipulationsattacker, vilket ska göras med hjälp av individuell data, som kan bestå av nätverksinställningar, sociala medieprofiler, webbaktivitet bland annat. Denna studie är baserat på kvalitativa metoder för att samla, analysera och utvärdera data. Motstånd mot social manipulation utvärderas med hjälp av relevanta teorier och modeller som har med beteende och personligheter att göra, sedan används även personlig och demografisk information i utvärderingen. De indikatorer som identifierades var bland annat inställningar i routrar, webbhistorik och social medianvändning. Det teoretiska ramverket som utvecklades för att utvärdera motstånd mot sociala manipulationsattacker kan utökas med fler aspekter av individuell data. Viktiga samhällshändelser och sammanhang kan vara en intressant faktor som är relaterat till ämnet. Framtida studier skulle kunna kombinera detta ramverk med tekniker som maskinlärning och artificiell intelligens.
|
4 |
EXPLORING PHISHING SUSCEPTIBILITY ATTRIBUTABLE TO AUTHORITY, URGENCY, RISK PERCEPTION AND HUMAN FACTORSPriyanka Tiwari (9187496) 30 July 2020 (has links)
<p>Security breaches nowadays are not limited to technological
orientation. Research in the information security domain is gradually shifting
towards human behavioral orientation toward breaches that target weaknesses
arising from human behaviors (Workman et al., 2007). Currently, social
engineering breaches are more effective than many technical attacks. In fact, the
majority of cyber assaults have a social engineering component. Social
Engineering is the art of manipulating human flaws towards a malicious
objective (Breda et al., 2017). In the likely future, social engineering will
be the most predominant attack vector within cyber security (Breda et al.,
2017). Human failures, persuasion and social influences are key elements to
understand when considering security behaviors. With the increasing concerns
for social engineering and advancements in human factors-based technology,
phishing emails are becoming more prevalent in exploiting human factors and
external factors. Such factors have been researched upon in pairs, not overall.
Till date, there is not much research done to identify the collaborative links
between authority, urgency, risk perception and human factors such as
personality traits, and knowledge. This study investigates about phishing email
characters, external influences, human factors influences, and their collaborative
effects. </p>
|
5 |
MIXED-METHODS ANALYSIS OF SOCIAL-ENGINEERING INCIDENTSGrusha Ahluwalia (13029936) 29 April 2023 (has links)
<p> </p>
<p>The following study is a research thesis on the subject matter of Social Engineering (SE) or Social Engineering Information Security Incidents (SEISI). The research evaluates the common features that can be used to cover a social engineering scenario from the perspectives of all stakeholders, at the individual and organizational level in terms of social engineering Tactics, Techniques, and Procedures (TTP). The research utilizes extensive secondary literary sources for understanding the topic of Social Engineering, highlights the issue of inconsistencies in the existing frameworks on social engineering and, addresses the research gap of availability of reliable dataset on past social engineering incidents by information gathered on the common themes of data reported on these. The study annotates salient features which have been identified in several studies in the past to develop a comprehensive dataset of various social engineering attacks which could be used by both computational and social scientists. The resulting codebook or the features of a social engineering are coded and defined based on Pretext Design Maps as well as industry standards and frameworks like MITRE ATT&CK, MITRE CVE, NIST, etc. Lastly, Psychological Theories of Persuasion like Dr. Cialdini’s principles of persuasion, Elaboration Likelihood Model, and Scherer’s Typology of Affective Emotional States guides the psychological TTPs of social engineering evaluated in this study. </p>
|
Page generated in 0.0801 seconds