ResearchSpace

Social engineering attack framework

Show simple item record

dc.contributor.author Mouton, F
dc.contributor.author Malany, MM
dc.contributor.author Leenen, l
dc.contributor.author Venter, HS
dc.date.accessioned 2015-03-12T10:24:54Z
dc.date.available 2015-03-12T10:24:54Z
dc.date.issued 2014-07
dc.identifier.citation Mouton, F, Malany, MM, Leenen, L, and Venter, HS. 2014. Social engineering attack framework. Information Security for South Africa, Johannesburg, South Africa, 12-14 August 2014 en_US
dc.identifier.isbn 978-1-4799-3383-9
dc.identifier.uri http://hdl.handle.net/10204/7954
dc.description Information Security for South Africa, Johannesburg, South Africa, 12-14 August 2014. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's website. en_US
dc.description.abstract The field of information security is a fast growing; discipline. Even though the effectiveness of security measures; to protect sensitive information is increasing, people remain; susceptible to manipulation and the human element is thus a; weak link. A social engineering attack targets this weakness by; using various manipulation techniques in order to elicit sensitive; information. The field of social engineering is still in its infancy; stages with regards to formal definitions and attack frameworks.; This paper proposes a social engineering attack framework; based on Kevin Mitnick¿s social engineering attack cycle. The; attack framework addresses shortcomings of Mitnick¿s social; engineering attack cycle and focuses on every step of the social; engineering attack from determining the goal of an attack up; to the successful conclusion of the attack. The authors use a; previously proposed social engineering attack ontological model; which provides a formal definition for a social engineering attack.; The ontological model contains all the components of a social; engineering attack and the social engineering attack framework; presented in this paper is able to represent temporal data; such as flow and time. Furthermore, this paper demonstrates; how historical social engineering attacks can be mapped to; the social engineering attack framework. By combining the; ontological model and the attack framework, one is able to; generate social engineering attack scenarios and to map historical; social engineering attacks to a standardised format. Scenario; generation and analysis of previous attacks are useful for the development; of awareness, training purposes and the development; of countermeasures against social engineering attacks. en_US
dc.language.iso en en_US
dc.publisher Information Security for South Africa (ISSA), 2014 en_US
dc.relation.ispartofseries Workflow;14013
dc.subject Bidirectional Communication en_US
dc.subject Indirect Communication en_US
dc.subject Mitnick’sAttack Cycle en_US
dc.subject Ontological Model en_US
dc.subject Social Engineering Attack en_US
dc.subject Social Engineering en_US
dc.subject Framework en_US
dc.subject Unidirectional Communication en_US
dc.title Social engineering attack framework en_US
dc.type Conference Presentation en_US
dc.identifier.apacitation Mouton, F., Malany, M., Leenen, l., & Venter, H. (2014). Social engineering attack framework. Information Security for South Africa (ISSA), 2014. http://hdl.handle.net/10204/7954 en_ZA
dc.identifier.chicagocitation Mouton, F, MM Malany, l Leenen, and HS Venter. "Social engineering attack framework." (2014): http://hdl.handle.net/10204/7954 en_ZA
dc.identifier.vancouvercitation Mouton F, Malany M, Leenen l, Venter H, Social engineering attack framework; Information Security for South Africa (ISSA), 2014; 2014. http://hdl.handle.net/10204/7954 . en_ZA
dc.identifier.ris TY - Conference Presentation AU - Mouton, F AU - Malany, MM AU - Leenen, l AU - Venter, HS AB - The field of information security is a fast growing; discipline. Even though the effectiveness of security measures; to protect sensitive information is increasing, people remain; susceptible to manipulation and the human element is thus a; weak link. A social engineering attack targets this weakness by; using various manipulation techniques in order to elicit sensitive; information. The field of social engineering is still in its infancy; stages with regards to formal definitions and attack frameworks.; This paper proposes a social engineering attack framework; based on Kevin Mitnick¿s social engineering attack cycle. The; attack framework addresses shortcomings of Mitnick¿s social; engineering attack cycle and focuses on every step of the social; engineering attack from determining the goal of an attack up; to the successful conclusion of the attack. The authors use a; previously proposed social engineering attack ontological model; which provides a formal definition for a social engineering attack.; The ontological model contains all the components of a social; engineering attack and the social engineering attack framework; presented in this paper is able to represent temporal data; such as flow and time. Furthermore, this paper demonstrates; how historical social engineering attacks can be mapped to; the social engineering attack framework. By combining the; ontological model and the attack framework, one is able to; generate social engineering attack scenarios and to map historical; social engineering attacks to a standardised format. Scenario; generation and analysis of previous attacks are useful for the development; of awareness, training purposes and the development; of countermeasures against social engineering attacks. DA - 2014-07 DB - ResearchSpace DP - CSIR KW - Bidirectional Communication KW - Indirect Communication KW - Mitnick’sAttack Cycle KW - Ontological Model KW - Social Engineering Attack KW - Social Engineering KW - Framework KW - Unidirectional Communication LK - https://researchspace.csir.co.za PY - 2014 SM - 978-1-4799-3383-9 T1 - Social engineering attack framework TI - Social engineering attack framework UR - http://hdl.handle.net/10204/7954 ER - en_ZA


Files in this item

This item appears in the following Collection(s)

Show simple item record