Advertisement

Employees’ Social Graph Analysis: A Model of Detection the Most Criticality Trajectories of the Social Engineering Attack’s Spread

  • A. KhlobystovaEmail author
  • M. Abramov
  • A. Tulupyev
Conference paper
  • 7 Downloads
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1156)

Abstract

In this research we present the hybrid model of finding the most critical distribution trajectories of multipath Social engineering attacks, passing through which by the malefactor on a global basis has the topmost degree of probability and will bring the greatest loss to the company. The solution of search problem concerning the most critical trajectories rests upon the assumption that the estimated probabilities of the direct Social engineering attack on user, degree evaluation of documents’ criticality, the estimated probabilities of Social engineering attack’s distribution from user to user are premised on linguistic indistinct variables are already calculated. The described model finds its application at creation when constructing the estimates of information systems users’ safety against Social engineering attacks and promotes well-timed informing of decision-makers on the vulnerabilities which being available in system.

Keywords

Social engineering Multiway social engineering attacks Hybrid model of linguistic fuzzy variable Analysis of social graph of company employees Propagation of the multiway social engineering attack Finding of the most criticality trajectory of the spread multiway social engineering attack 

References

  1. 1.
    Abramov, M., Tulupyeva, T., Tulupyev, A.: Social Engineering Attacks: social networks and user security estimates. SUAI, St. Petersburg (2018), 266 p.Google Scholar
  2. 2.
    Amato, F., Castiglione, A., De Santo, A., Moscato, V., Picariello, A., Persia, F., Sperlí, G.: Recognizing human behaviours in online social networks. Comput. Secur. 74, 355–370 (2018)CrossRefGoogle Scholar
  3. 3.
    Coughlan, S.: ‘Sharenting’ puts young at risk of online fraud. https://www.bbc.com/news/education-44153754. Accessed 03 Apr 2019
  4. 4.
  5. 5.
    Cybersecurity threatscape 2018: trends and forecasts. https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2018/. Accessed 28 Mar 2019
  6. 6.
    Edwards, M., Larson, R., Green, B., Rashid, A., Baron, A.: Panning for gold: automatically analysing online social engineering attack surfaces. Comput. Secur. 69, 18–34 (2017)CrossRefGoogle Scholar
  7. 7.
    Khlobystova, A., Abramov, M., Tulupyev, A.: An approach to estimating of criticality of social engineering attacks traces. Studies in Systems. Decision and Control, pp. 446–456 (2019)Google Scholar
  8. 8.
    Khlobystova, A., Abramov, M., Tulupyev, A.: Identifying the most critical trajectory of the spread of a social engineering attack between two users. In: The Second International Scientific and Practical Conference “Fuzzy Technologies in the Industry – FTI 2018”. CEUR Workshop Proceedings, pp. 38–43 (2018)Google Scholar
  9. 9.
    Li, J., Zhang, Y., Chen, X., Xiang, Y.: Secure attribute-based data sharing for resource-limited users in cloud computing. Comput. Secur. 72, 1–12 (2018)CrossRefGoogle Scholar
  10. 10.
    Muhammad, K., Sajjad, M., Mehmood, I., Rho, S., Baik, S.W.: Image steganography using uncorrelated color space and its application for security of visual contents in online social networks. Future Gener. Comput. Syst. 86, 951–960 (2018)CrossRefGoogle Scholar
  11. 11.
    Musuva, P.M.W., Getao, K.W., Chepken, C.K.: A new approach to modelling the effects of cognitive processing and threat detection on phishing susceptibility. Comput. Hum. Behav. 94, 154–175 (2019)CrossRefGoogle Scholar
  12. 12.
    Protecting People: A Quarterly Analysis of Highly Targeted Cyber Attacks. https://www.proofpoint.com/us/resources/threat-reports/quarterly-threat-analysis. Accessed 20 Jan 2019
  13. 13.
    Sahingoz, O.K., Buber, E., Demir, O., Diri, B.: Machine learning based phishing detection from URLs. Expert Syst. Appl. 117, 345–357 (2019)CrossRefGoogle Scholar
  14. 14.
    Tang, J., Meng, F., Zhang, S., An, Q.: Group decision making with interval linguistic hesitant fuzzy preference relations. Expert Syst. Appl. 119, 231–246 (2019)CrossRefGoogle Scholar
  15. 15.
    Tian, Z.P., Wang, J., Wang, J.Q., Chen, X.H.: Multicriteria decision-making approach based on gray linguistic weighted Bonferroni mean operator. Int. Trans. Oper. Res. 25(5), 1635–1658 (2018)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Vance, A., Lowry, P.B., Eggett, D.L.: Increasing accountability through the user interface design artifacts: a new approach to addressing the problem of access-policy violations. MIS Q. 39(2), 345–366 (2015)CrossRefGoogle Scholar
  17. 17.
    Vishwanath, A., Harrison, B., Ng, Y.J.: Suspicion, cognition, and automaticity model of phishing susceptibility. Commun. Res. 45(8), 1146–1166 (2018)CrossRefGoogle Scholar
  18. 18.
    Williams, E.J., Hinds, J., Joinson, A.N.: Exploring susceptibility to phishing in the workplace. Int. J. Hum Comput Stud. 120, 1–13 (2018)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Laboratory of Theoretical and Interdisciplinary Problems of InformaticsSt. Petersburg Institute for Informatics and Automation of the Russian Academy of SciencesSt. PetersburgRussia
  2. 2.Mathematics and Mechanics FacultySt. Petersburg State UniversitySt. PetersburgRussia

Personalised recommendations