An approach to estimating of criticality of social engineering attacks traces

Research output

Abstract

In this article we propose to consider the trajectories of social engineering attacks, which are the most critical from the point of view of the expected damage to the organization, and not from the point of view of the probability of success of the defeat of the user and, indirectly, critical documents to which he has access. The article proposes an approach to solving the problem
of identifying the most critical path of multiway socio-engineering attack. The most critical trajectory in this article is understood as the most probable trajectory of the attack, which will bring the greatest damage to the organization. As a further development of the research direction, we can consider models that describe in more detail the context and take into account the distribution of the probability of hitting the proportion of documents available to the user, offering
models for building integrated damage estimates associated with the affected user, various access policies and accounting for the hierarchy of documents in terms of their criticality or value.

Cite this

@article{344eaa770bca4870a0994da4329bd074,
title = "An approach to estimating of criticality of social engineering attacks traces",
abstract = "In this article we propose to consider the trajectories of social engineering attacks, which are the most critical from the point of view of the expected damage to the organization, and not from the point of view of the probability of success of the defeat of the user and, indirectly, critical documents to which he has access. The article proposes an approach to solving the problem of identifying the most critical path of multiway socio-engineering attack. The most critical trajectory in this article is understood as the most probable trajectory of the attack, which will bring the greatest damage to the organization. As a further development of the research direction, we can consider models that describe in more detail the context and take into account the distribution of the probability of hitting the proportion of documents available to the user, offering models for building integrated damage estimates associated with the affected user, various access policies and accounting for the hierarchy of documents in terms of their criticality or value.",
keywords = "multi-pass social engineering attacks, social graph of company employees, critical trajectories in social graph, social engineering attacks, users protect, information security",
author = "Хлобыстова, {Анастасия Олеговна} and Абрамов, {Максим Викторович} and Тулупьев, {Александр Львович}",
year = "2019",
doi = "10.1007/978-3-030-12072-6\_36",
language = "English",
pages = "446--456",
journal = "Studies in Systems, Decision and Control",
issn = "2198-4182",
publisher = "Springer",

}

TY - JOUR

T1 - An approach to estimating of criticality of social engineering attacks traces

AU - Хлобыстова, Анастасия Олеговна

AU - Абрамов, Максим Викторович

AU - Тулупьев, Александр Львович

PY - 2019

Y1 - 2019

N2 - In this article we propose to consider the trajectories of social engineering attacks, which are the most critical from the point of view of the expected damage to the organization, and not from the point of view of the probability of success of the defeat of the user and, indirectly, critical documents to which he has access. The article proposes an approach to solving the problem of identifying the most critical path of multiway socio-engineering attack. The most critical trajectory in this article is understood as the most probable trajectory of the attack, which will bring the greatest damage to the organization. As a further development of the research direction, we can consider models that describe in more detail the context and take into account the distribution of the probability of hitting the proportion of documents available to the user, offering models for building integrated damage estimates associated with the affected user, various access policies and accounting for the hierarchy of documents in terms of their criticality or value.

AB - In this article we propose to consider the trajectories of social engineering attacks, which are the most critical from the point of view of the expected damage to the organization, and not from the point of view of the probability of success of the defeat of the user and, indirectly, critical documents to which he has access. The article proposes an approach to solving the problem of identifying the most critical path of multiway socio-engineering attack. The most critical trajectory in this article is understood as the most probable trajectory of the attack, which will bring the greatest damage to the organization. As a further development of the research direction, we can consider models that describe in more detail the context and take into account the distribution of the probability of hitting the proportion of documents available to the user, offering models for building integrated damage estimates associated with the affected user, various access policies and accounting for the hierarchy of documents in terms of their criticality or value.

KW - multi-pass social engineering attacks, social graph of company employees, critical trajectories in social graph, social engineering attacks, users protect, information security

U2 - 10.1007/978-3-030-12072-6\_36

DO - 10.1007/978-3-030-12072-6\_36

M3 - Conference article

SP - 446

EP - 456

JO - Studies in Systems, Decision and Control

JF - Studies in Systems, Decision and Control

SN - 2198-4182

ER -