Towards effective assessment for social engineering attacks
Paper in proceeding, 2019

Social engineering attacks have drawn more and more attention from both academia and industry, due to the serious threats they pose to information security via exploitation of human vulnerabilities. Unlike technology-based attacks, which have been investigated for decades, there is no efficient security requirements analysis approach for dealing with social engineering attacks. One major obstacle to this problem is the uncertainty of human behavior, making it difficult to effectively assess social engineering attacks. In this paper, we investigate the nature of social engineering attacks and identify their essential factors. Based on such findings, we formulate the problem of social engineering attack assessment, which can be quantitatively calculated using probabilistic model checking. Finally, we present a research agenda that details critical research directions and discusses corresponding challenges.© 2019 IEEE.

Model checking

Likelihood assessment

Social engineering attacks

Security requirements engineering

Author

Tong Li

Beijing University of Technology

Kaiyuan Wang

Beijing University of Technology

Jennifer Horkoff

University of Gothenburg

Proceedings of the IEEE International Conference on Requirements Engineering

1090705X (ISSN) 23326441 (eISSN)

Vol. 2019-September 392-397 8920487
978-172813912-8 (ISBN)

27th IEEE International Requirements Engineering Conference, RE 2019
Jeju Island, South Korea,

Subject Categories

Other Mechanical Engineering

Law and Society

Information Science

DOI

10.1109/RE.2019.00051

More information

Latest update

1/3/2024 9