An approach to estimating of criticality of social engineering attacks traces

Research output: Contribution to journalConference articleResearchpeer-review

Abstract

In this article we propose to consider the trajectories of social engineering attacks, which are the most critical from the point of view of the expected damage to the organization, and not from the point of view of the probability of success of the defeat of the user and, indirectly, critical documents to which he has access. The article proposes an approach to solving the problem
of identifying the most critical path of multiway socio-engineering attack. The most critical trajectory in this article is understood as the most probable trajectory of the attack, which will bring the greatest damage to the organization. As a further development of the research direction, we can consider models that describe in more detail the context and take into account the distribution of the probability of hitting the proportion of documents available to the user, offering
models for building integrated damage estimates associated with the affected user, various access policies and accounting for the hierarchy of documents in terms of their criticality or value.

Keywords

    Cite this

    @article{344eaa770bca4870a0994da4329bd074,
    title = "An approach to estimating of criticality of social engineering attacks traces",
    abstract = "In this article we propose to consider the trajectories of social engineering attacks, which are the most critical from the point of view of the expected damage to the organization, and not from the point of view of the probability of success of the defeat of the user and, indirectly, critical documents to which he has access. The article proposes an approach to solving the problem of identifying the most critical path of multiway socio-engineering attack. The most critical trajectory in this article is understood as the most probable trajectory of the attack, which will bring the greatest damage to the organization. As a further development of the research direction, we can consider models that describe in more detail the context and take into account the distribution of the probability of hitting the proportion of documents available to the user, offering models for building integrated damage estimates associated with the affected user, various access policies and accounting for the hierarchy of documents in terms of their criticality or value.",
    keywords = "multi-pass social engineering attacks, social graph of company employees, critical trajectories in social graph, social engineering attacks, users protect, information security",
    author = "Хлобыстова, {Анастасия Олеговна} and Абрамов, {Максим Викторович} and Тулупьев, {Александр Львович}",
    year = "2019",
    doi = "10.1007/978-3-030-12072-6\_36",
    language = "English",
    pages = "446--456",
    journal = "Studies in Systems, Decision and Control",
    issn = "2198-4182",
    publisher = "Springer",

    }

    An approach to estimating of criticality of social engineering attacks traces. / Хлобыстова, Анастасия Олеговна; Абрамов, Максим Викторович; Тулупьев, Александр Львович.

    In: Studies in Systems, Decision and Control, 2019, p. 446-456.

    Research output: Contribution to journalConference articleResearchpeer-review

    TY - JOUR

    T1 - An approach to estimating of criticality of social engineering attacks traces

    AU - Хлобыстова, Анастасия Олеговна

    AU - Абрамов, Максим Викторович

    AU - Тулупьев, Александр Львович

    PY - 2019

    Y1 - 2019

    N2 - In this article we propose to consider the trajectories of social engineering attacks, which are the most critical from the point of view of the expected damage to the organization, and not from the point of view of the probability of success of the defeat of the user and, indirectly, critical documents to which he has access. The article proposes an approach to solving the problem of identifying the most critical path of multiway socio-engineering attack. The most critical trajectory in this article is understood as the most probable trajectory of the attack, which will bring the greatest damage to the organization. As a further development of the research direction, we can consider models that describe in more detail the context and take into account the distribution of the probability of hitting the proportion of documents available to the user, offering models for building integrated damage estimates associated with the affected user, various access policies and accounting for the hierarchy of documents in terms of their criticality or value.

    AB - In this article we propose to consider the trajectories of social engineering attacks, which are the most critical from the point of view of the expected damage to the organization, and not from the point of view of the probability of success of the defeat of the user and, indirectly, critical documents to which he has access. The article proposes an approach to solving the problem of identifying the most critical path of multiway socio-engineering attack. The most critical trajectory in this article is understood as the most probable trajectory of the attack, which will bring the greatest damage to the organization. As a further development of the research direction, we can consider models that describe in more detail the context and take into account the distribution of the probability of hitting the proportion of documents available to the user, offering models for building integrated damage estimates associated with the affected user, various access policies and accounting for the hierarchy of documents in terms of their criticality or value.

    KW - multi-pass social engineering attacks, social graph of company employees, critical trajectories in social graph, social engineering attacks, users protect, information security

    U2 - 10.1007/978-3-030-12072-6\_36

    DO - 10.1007/978-3-030-12072-6\_36

    M3 - Conference article

    SP - 446

    EP - 456

    JO - Studies in Systems, Decision and Control

    JF - Studies in Systems, Decision and Control

    SN - 2198-4182

    ER -