Advertisement

Assessment of the Information System’s Protection Degree from Social Engineering Attack Action of Malefactor While Changing the Characteristics of User’s Profiles: Numerical Experiments

  • Artur AzarovEmail author
  • Alena Suvorova
  • Maria Koroleva
  • Olga Vasileva
  • Tatiana Tulupyeva
Conference paper
  • 7 Downloads
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1156)

Abstract

The article describes an approach to the analysis of changes in the user’s protection level from the social engineering attack actions of malefactor in the case of applying two strategies to increase the level of protection. The first deals with changing information system’s users (dismissal/advanced training), and second is changes in user access policies to critical information stored in such information systems. Numerical experiment is also presented.

Keywords

Social engineering attacks User’s vulnerabilities profile Access policies User’s social graph 

References

  1. 1.
    Azarov, A., Abramov, M., Tulupyev, A., Tulupyeva, T.: Models and algorithms for the information system’s users’ protection level probabilistic estimation. In: Proceedings of the First International Scientific Conference “Intelligent Information Technologies for Industry” (IITI 2016), vol. 2, pp. 39–46 (2016)Google Scholar
  2. 2.
    Azarov, A., Abramov, M., Tulupyeva, T., Tulupyev, A.: Users’ of information system protection analysis from malefactor’s social engineering attacks taking into account malefactor’s competence profile. Biologically Inspired Cognitive Architectures (BICA) for Young Scientists, pp. 25–30 (2016)Google Scholar
  3. 3.
    Azarov, A., Suvorova, A., Tulupyeva, T.: Changing the information system’s protection level from social engineering attacks, in case of reorganizing the information system’s users’ structure. In: II International Scientific-Practical Conference « Fuzzy Technologies in the Industry » , pp. 56–62 (2018)Google Scholar
  4. 4.
    Azarov, A., Suvorova, A.: Sustainability of the user’s social network graph to the social engineering attack actions: an approach based on genetic algorithms. In: XXII International Conference on Soft Computing and Measurement (SCM 2018), pp. 126–129 (2018)Google Scholar
  5. 5.
    D’Innocenzo, L., Mathieu, J., Kukenberger, M.: A meta-analysis of different forms of shared leadership–team performance relations. J. Manag. 42(7), 1964–1991 (2017)Google Scholar
  6. 6.
    Fang, R., Landis, B., Zhang, Z., Anderson, M., Shaw, J., Kilduff, M.: Integrating personality and social networks: A meta-analysis of personality, network position, and work outcomes in organizations. Organ. Sci. 26(4), 1243–1260 (2015)CrossRefGoogle Scholar
  7. 7.
    Gupta, B., Tewari, A., Jain, A., Agrawal, D.: Fighting against phishing attacks: state of the art and future challenges. Neural Comput. Appl. 28, 3629–3654 (2017)CrossRefGoogle Scholar
  8. 8.
    Huda, A.S.N., Živanović, R.: Accelerated distribution systems reliability evaluation by multilevel Monte Carlo simulation: implementation of two discretisation schemes. IET Gener. Transm. Distrib. 11(13), 3397–3405 (2017)CrossRefGoogle Scholar
  9. 9.
    Kharitonov, N., Maximov, A., Tulupyev, A.: Algebraic Bayesian Networks: The Use of Parallel Computing While Maintaining Various Degrees of Consistency. Stud. Syst. Decis. Control 199, 696–704 (2019)CrossRefGoogle Scholar
  10. 10.
    Kotenko, I., Chechulin, A., Branitskiy, A.: Generation of source data for experiments with network attack detection software. J. Phys: Conf. Ser. 820, 12–33 (2017)Google Scholar
  11. 11.
    Liu, J., Lyu, Q., Wang, Q., Yu, X.: A digital memories based user authentication scheme with privacy preservation. PLoS ONE 12(11), 0186925 (2017)Google Scholar
  12. 12.
    Schaik, P., Jeske, D., Onibokun, J., Coventry, L., Jansen, J., Kusev, P.: Risk perceptions of cyber-security and precautionary behavior. Comput. Hum. Behav. 62, 5678–5693 (2017)Google Scholar
  13. 13.
    Shindarev, N., Bagretsov, G., Abramov, M., Tulupyeva, T., Suvorova, A.: Approach to identifying of employees profiles in websites of social networks aimed to analyze social engineering vulnerabilities. In: International Conference on Intelligent Information Technologies for Industry, pp. 441–447 (2017)Google Scholar
  14. 14.
    Struharik, R., Vukobratović, B.: A system for hardware aided decision tree ensemble evolution. J. Parallel Distrib. Comput. 112, 67–83 (2018)CrossRefGoogle Scholar
  15. 15.
    Suleimanov, A., Abramov, M., Tulupyev, A.: Modelling of the social engineering attacks based on social graph of employees communications analysis. In: 2018 IEEE Industrial Cyber-Physical Systems (ICPS), pp. 801–805 (2018)Google Scholar
  16. 16.
    Terlizzi, M., Meirelles, F., Viegas Cortez da Cunha, M.: Behavior of Brazilian banks employees on facebook and the cybersecurity governance. J. Appl. Secur. Res. 12, 224–252 (2017)CrossRefGoogle Scholar
  17. 17.
    Tulupyev, A., Kharitonov, N., Zolotin, A.: Algebraic Bayesian networks: consistent fusion of partially intersected knowledge systems. In: The Second International Scientific and Practical Conference “Fuzzy Technologies in the Industry – FTI 2018”, pp. 109–115 (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Artur Azarov
    • 1
    Email author
  • Alena Suvorova
    • 2
  • Maria Koroleva
    • 3
  • Olga Vasileva
    • 4
  • Tatiana Tulupyeva
    • 1
  1. 1.St. Petersburg Institute for Informatics and Automation of the Russian Academy of SciencesSaint-PetersburgRussia
  2. 2.National Research University Higher School of EconomicsSaint-PetersburgRussia
  3. 3.BMSTUMoscowRussia
  4. 4.Saint Petersburg State UniversitySaint-PetersburgRussia

Personalised recommendations