Towards effective assessment for social engineering attacks
Paper i proceeding, 2019

Social engineering attacks have drawn more and more attention from both academia and industry, due to the serious threats they pose to information security via exploitation of human vulnerabilities. Unlike technology-based attacks, which have been investigated for decades, there is no efficient security requirements analysis approach for dealing with social engineering attacks. One major obstacle to this problem is the uncertainty of human behavior, making it difficult to effectively assess social engineering attacks. In this paper, we investigate the nature of social engineering attacks and identify their essential factors. Based on such findings, we formulate the problem of social engineering attack assessment, which can be quantitatively calculated using probabilistic model checking. Finally, we present a research agenda that details critical research directions and discusses corresponding challenges.© 2019 IEEE.

Model checking

Security requirements engineering

Likelihood assessment

Social engineering attacks


Tong Li

Beijing University of Technology

Kaiyuan Wang

Beijing University of Technology

Jennifer Horkoff

Chalmers, Data- och informationsteknik, Software Engineering, Software Engineering for Testing, Requirements, Innovation and Psychology

Proceedings of the IEEE International Conference on Requirements Engineering

1090705X (ISSN) 23326441 (eISSN)

Vol. 2019-September 392-397 8920487

27th IEEE International Requirements Engineering Conference, RE 2019
Jeju Island, South Korea,


Annan maskinteknik

Juridik och samhälle




Mer information

Senast uppdaterat