Litcius/Paper detail

A Comprehensive Taxonomy of Social Engineering Attacks and Defense Mechanisms: Toward Effective Mitigation Strategies

Mohamed Zaoui, Yousra Belfaik, Yassine Sadqi, Yassine Maleh, Karim Ouazzane

2024IEEE Access29 citationsDOIOpen Access PDF

Abstract

Social engineering (SE) attacks are a growing concern for organizations that rely on technology to protect sensitive data. Identifying and preventing these attacks can be challenging, as they frequently rely on manipulating human behavior rather than exploiting technical vulnerabilities. Although various studies have explored SE attacks and their defense mechanisms, there remains a gap in the literature concerning the holistic and layered classification of these threats and countermeasures. To address this, we conducted a comprehensive literature survey to understand existing taxonomies and subsequently identified areas that required a more structured and exhaustive categorization. Based on the survey results, we propose a comprehensive taxonomy of SE attacks, classifying them based on three levels: environment, approaches, and mediums. Additionally, we present a taxonomy of social engineering countermeasures, encompassing both technical and non-technical solutions. The proposed taxonomies serve as a foundation for future research and offer organizations a valuable framework for developing effective strategies to detect, prevent, and respond to social engineering incidents.

Topics & Concepts

CategorizationComputer scienceTaxonomy (biology)Social engineering (security)Computer securityData scienceRisk analysis (engineering)Knowledge managementBusinessArtificial intelligenceBotanyBiologyInformation and Cyber SecurityAdvanced Malware Detection TechniquesUser Authentication and Security Systems