A Risk Analysis Framework for Social Engineering Attack Based on User Profiling
Open Access
- 1 July 2020
- journal article
- research article
- Published by IGI Global in Journal of Organizational and End User Computing
- Vol. 32 (3), 37-49
- https://doi.org/10.4018/joeuc.2020070104
Abstract
Social engineering attacks are becoming serious threats to cloud services. Social engineering attackers could obtain cloud service customers' privacy information or attack virtual machine images directly. Existing security analysis instruments have difficulty quantifying social engineering attack risk, which results in invalid defense guidance for social engineering attacks. In this article, a risk analysis framework for social engineering attacks is proposed based on user profiling. The framework provides a pathway to quantitatively calculate the possibility of being compromised by a social engineering attack and the potential loss, so as to effectively complement current security assessment instruments. The frequency of related operations is used to profile and group users for respective risk calculation, and other features such as security awareness and the capability of protection mechanisms are also considered. Finally, examples are given to illustrate how to use the framework in an actual scenario and apply it to security assessment.