Litcius/Paper detail

A Risk Analysis Framework for Social Engineering Attack Based on User Profiling

Zi‐Wei Ye, Yuanbo Guo, Ankang Ju, Fushan Wei, Ruijie Zhang, Jun Ma

2020Journal of Organizational and End User Computing33 citationsDOIOpen Access PDF

Abstract

Social engineering attacks are becoming serious threats to cloud service. Social engineering attackers could get Cloud service custom privacy information or attack virtual machine images directly. Existing security analysis instruments are difficult to quantify the social engineering attack risk, resulting in invalid defense guidance for social engineering attacks. In this article, a risk analysis framework for social engineering attack is proposed based on user profiling. The framework provides a pathway to quantitatively calculate the possibility of being compromised by social engineering attack and potential loss, so as to effectively complement current security assessment instruments. The frequency of related operations is used to profile and group users for respective risk calculation, and other features such as security awareness and capability of protection mechanism are also considered. Finally, examples are given to illustrate how to use the framework in actual scenario and apply it to security assessment.

Topics & Concepts

Profiling (computer programming)Computer scienceSocial engineering (security)Computer securityCloud computingRisk analysis (engineering)BusinessOperating systemInformation and Cyber SecuritySpam and Phishing DetectionAdvanced Malware Detection Techniques