Social engineering in cybersecurity: a domain ontology and knowledge graph application examples

@article{Wang2021SocialEI,
  title={Social engineering in cybersecurity: a domain ontology and knowledge graph application examples},
  author={Zuoguang Wang and Hongsong Zhu and Pei Chang Liu and Limin Sun},
  journal={Cybersecurity},
  year={2021},
  volume={4},
  pages={1-21}
}
Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations… 

A review of knowledge graph application scenarios in cyber security

A comparative review of the different works that elaborate on the recent progress in the application scenarios of cyber security knowledge graph, and a novel comprehensive classification framework is created to describe the connected works from nine primary categories and eighteen subcategories.

Recent Progress of Using Knowledge Graph for Cybersecurity

A quick overview of the cybersecurity knowledge graph’s core concepts, schema, and building methodologies is given and a new comprehensive classification system is developed to define the linked works from 9 core categories and 18 subcategories.

Applicability Analysis of Knowledge Graph Embedding on Blended Threat

To predict and respond to the potential complex security risks on IoBE, a knowledge graph embedding model applicable to blended threats is analyzed in this study.

A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures

The paper discusses human vulnerabilities employed by criminals in recent security breaches, and highlights the existing approaches, including machine learning-based methods, to counter social engineering-based cyberattacks.

Vulnerabilities of Cyber Security of Technical Intelligentsia in Relation to Social Engineering

To counteract the automatic reaction and conditioned reflexes, it is recommended to analyze the origin of beliefs, their inconsistency, adequacy and impact on activities.

Psychological Aspects of the Organization’s Information Security in the Context of Socio-engineering Attacks

The study showed that the approaches developed now are sufficient to form the basis for the revision of personnel processes in the organization, and a model of socio-engineering attack considering psychological aspects is proposed.

Social Engineering Attacks Prevention: A Systematic Literature Review

The protocol to effectively prevent social engineering attacks, such as health campaigns, the vulnerability of social engineering victims, and co-utile protocol, which can manage information sharing on a social network is found.

Threat Detection for General Social Engineering Attack Using Machine Learning Techniques

The experimental results and analysis show that the ML techniques is feasible in detecting general SE attack threat and some ML models are quite effective; ML-based SE threat detection is complementary with knowledge graph-based approaches; the generated datasets are usable.

SEIGuard: An Authentication-simplified and Deceptive Scheme to Protect Server-side Social Engineering Information Against Brute-force Attacks

This paper proposes an authentication-simplified and deceptive scheme (SEIGuard) to protect server-side social engineering information (SEI) against brute-force attacks. In SEIGuard, the password

References

SHOWING 1-10 OF 38 REFERENCES

Paving Ontological Foundation for Social Engineering Analysis

A comprehensive social engineering ontology is proposed, which is embedded with extensive knowledge from psychology and sociology, providing a full picture of social engineering, built on top of existing security ontologies in order to align social engineering analysis with typical security analysis as much as possible.

Towards an Ontological Model Defining the Social Engineering Domain

Concrete definitions for Social Engineering, Social Engineering attack and social engineer are provided and an ontological model for social engineering attack based on the analysis of existing definitions and taxonomies are presented.

A Description Logic Ontology for Email Phishing

This work proposes formalized description logic to build the knowledge base of phishing attacks and designs an ontology-oriented approach to add semantics on that knowledge, which could successfully complement anti-phishing systems.

Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods

A conceptual model is proposed which provides an integrative and structural perspective to describe how social engineering attacks work and is helpful to develop a domain ontology of social engineering in cybersecurity.

Defining Social Engineering in Cybersecurity

This paper attempts to address conceptual deficiencies of social engineering in cybersecurity (SEiCS) by proposing a more compatible and precise definition that eliminates the conceptual inconsistencies, covers the mainstream conceptual connotations, clarifies the conceptual boundary, mitigates the overgeneralization and abuse, etc.

Generic Taxonomy of Social Engineering Attack

A preliminary analysis on social engineering attack taxonomy is performed that emphasized on types of technical-based social engineeringAttack (SEA) and results become a guideline in proposing a new generic taxonomy of Social Engineering Attack (SEA).

An Ontology for Network Security Attacks

This review is based on standard texts, using well-known concepts, categorizations, and methods to construct a framework which is then used to define an extensible ontology for network security attacks.

Ontology Development 101: A Guide to Creating Your First Ontology

An ontology defines a common vocabulary for researchers who need to share information in a domain that includes machine-interpretable definitions of basic concepts in the domain and relations among them.

Kaitse tehnosotsiaalse sahkerdamise vastu. Contributions of Understanding And Defending Against Social Engineering Attacks

A novel taxonomy of social engineering attacks was proposed in order to understand the concept of the social engineering and gain insight of the representative socialengineering attacks through applying the taxonomy to them.

A Comprehensive Study of Social Engineering Based Attacks in India to Develop a Conceptual Model

An advanced model of Social Engineering based attacks was developed and can be used in development of Organization-wide Information Security policy and Information Security Awareness Program.