Towards effective assessment for social engineering attacks
Paper in proceeding, 2019
Social engineering attacks have drawn more and more attention from both academia and industry, due to the serious threats they pose to information security via exploitation of human vulnerabilities. Unlike technology-based attacks, which have been investigated for decades, there is no efficient security requirements analysis approach for dealing with social engineering attacks. One major obstacle to this problem is the uncertainty of human behavior, making it difficult to effectively assess social engineering attacks. In this paper, we investigate the nature of social engineering attacks and identify their essential factors. Based on such findings, we formulate the problem of social engineering attack assessment, which can be quantitatively calculated using probabilistic model checking. Finally, we present a research agenda that details critical research directions and discusses corresponding challenges.© 2019 IEEE.
Model checking
Likelihood assessment
Social engineering attacks
Security requirements engineering
Author
Tong Li
Beijing University of Technology
Kaiyuan Wang
Beijing University of Technology
Jennifer Horkoff
University of Gothenburg
Proceedings of the IEEE International Conference on Requirements Engineering
1090705X (ISSN) 23326441 (eISSN)
Vol. 2019-September 392-397 8920487978-172813912-8 (ISBN)
27th IEEE International Requirements Engineering Conference, RE 2019
Jeju Island, South Korea,
Jeju Island, South Korea,
Subject Categories
Other Mechanical Engineering
Law and Society
Information Science
DOI
10.1109/RE.2019.00051