TY - GEN

T1 - Time-Based Model of the Success of a Malefactor’s Multistep Social Engineering Attack on a User

AU - Khlobystova, A.

AU - Abramov, M.

N1 - Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2022

Y1 - 2022

N2 - Multistep social engineering attacks (that involve a chain of users) are a serious threat to an organization’s information security. Usually such attacks require an integrated approach to reduce the probability of their success. This approach can be analysis of the social graph with modeling of scenarios for the spread of multistep social engineering attacks, highlighting the most critical among them, the development of ways to reduce criticality and directly implement the most effective measures. The goal of this work was to improve the approach to modeling multistep social engineering attack by including the factor of accidents in the model of a malefactor’s actions. The novelty of the research lies in the proposal of the new approach to the analysis of multistep social engineering attacks, taking into account the factor of accidents of the malefactor’s actions. The theoretical significance of the work is to create a foundation for further modeling and analysis of multistep social engineering attacks. The practical significance of the study lies in the formation of a tool for a comprehensive analysis of the organization to identify the most critical scenarios for the development of social engineering attacks.

AB - Multistep social engineering attacks (that involve a chain of users) are a serious threat to an organization’s information security. Usually such attacks require an integrated approach to reduce the probability of their success. This approach can be analysis of the social graph with modeling of scenarios for the spread of multistep social engineering attacks, highlighting the most critical among them, the development of ways to reduce criticality and directly implement the most effective measures. The goal of this work was to improve the approach to modeling multistep social engineering attack by including the factor of accidents in the model of a malefactor’s actions. The novelty of the research lies in the proposal of the new approach to the analysis of multistep social engineering attacks, taking into account the factor of accidents of the malefactor’s actions. The theoretical significance of the work is to create a foundation for further modeling and analysis of multistep social engineering attacks. The practical significance of the study lies in the formation of a tool for a comprehensive analysis of the organization to identify the most critical scenarios for the development of social engineering attacks.

KW - Epidemic model

KW - Heterogeneous network models

KW - Information security

KW - Multistep social engineering attacks

KW - SIS model

KW - Social engineering

KW - Social graph

UR - http://www.scopus.com/inward/record.url?scp=85115883280&partnerID=8YFLogxK

UR - https://www.mendeley.com/catalogue/e0a35907-483c-3839-bf91-377c8f92c999/

U2 - 10.1007/978-3-030-87178-9_22

DO - 10.1007/978-3-030-87178-9_22

M3 - Conference contribution

AN - SCOPUS:85115883280

SN - 9783030871772

T3 - Lecture Notes in Networks and Systems

SP - 216

EP - 223

BT - Proceedings of the 5th International Scientific Conference “Intelligent Information Technologies for Industry”, IITI 2021

A2 - Kovalev, Sergey

A2 - Tarassov, Valery

A2 - Snasel, Vaclav

A2 - Sukhanov, Andrey

PB - Springer Nature

T2 - 5th International Scientific Conference on Intelligent Information Technologies for Industry, IITI 2021

Y2 - 30 September 2021 through 4 October 2021

ER -