Journal
Scientific and Technical Journal of Information Technologies, Mechanics and Optics
UDK004.056.53
Issue:2 (114)
Download PDF0 Kbyte
ANALYSIS OF USERS’ PROTECTION FROM SOCIO-ENGINEERING ATTACKS: SOCIAL GRAPH CREATION BASED ON INFORMATION FROM SOCIAL NETWORK WEBSITES
Annotation
Subject of Research. The paper deals with accounts in social network websites as a source of information about the intensity of communication between employees in the team. On their basis we form success probability estimates for the spread of malefactorsocio-engineering attack on the user. Scope of Research. The research goal is to build a success assessment for malefactormulti-pass socio-engineering attack on the user based on information obtained from the accounts of company employees in social network websites which characterizes communication intensity between them. The research is aimed at development of models and algorithms for socio-engineering attack spreading on the collapsed social graph of the company and description of methods for calculation of security estimates for the information system users from multi-pass socio-engineering attacks, such attacks, where the target and the entry point do not match. Method. The methods are used of information searching, comparing and analyzing, which characterizes communication intensity between company employees, and data extracted from their accounts in social network websites. Success probability estimate of multi-pass socio-engineering attack reduces to probability estimate creation of a complex event. Main Results. A formula is presented for calculating of probability estimates of socio-engineering attack propagation between users. The estimates obtained in this way are compared to the arcs in the company's social graph, which is used in turn to assess the success probability of a multi-pass socio-engineering attack, the attack, passing through a chain of users. In the earlier studies, estimates of probabilities were defined expertly. The advantages of calculation automating of probability estimates based on data received from social network websites are described. Research Novelty.The paper considers approaches to probabilistic estimates of multi-pass socio-engineering attack success where attacks are intermediate, non-direct, and non-reducible to a single malefactoract. These estimates take into account user’s links in his or her social graph; the parameters of those links are based on the data obtained from social media/networks. Practical Relevance.The approach proposed in this paper provides the basis for further analysis of possible propagation trajectories of multi-pass social engineering attacks, as well as calculation of the probability of each such trajectory that in turn helps to expand the number of factors affecting the security evaluation of the information system users, and gives the possibility to set the backtracking task for attacks in one of the successful forms for finding solutions.
Keywords
Постоянный URL
Articles in current issue
- ON MODERN APPROACH TO AIRPLANE-TYPE UNMANNED AERIAL VEHICLES DESIGN WITH SHORT TAKEOFF AND LANDING PART III. NUMERICAL MODELING OF AIRCRAFT VORTEX AERODYNAMICS BY DISCRETE VORTEX METHOD
- LOCALIZED LASER VAPORIZATION OF FILMS WITH COMPLEX TOPOLOGIES FOR SURFACE ACOUSTIC WAVE MICROGYROSCOPE SENSOR
- OPTICAL FIELD AMPLITUDE DISTRIBUTION ON THE PATTERN PLATE OF OPTOELECTRONIC SYSTEM FOR MEASURING OF DITHER SYSTEM PARAMETERS IN RING LASER GYRO
- CHOOSING PARAMETERS OF SPATIAL POSITION CONTROL OPTICAL-ELECTRONIC SYSTEMS WITH ACTIVE REFERENCE MARKS
- DEFORMATION CONTROL METHOD OF COMPOSITE STRUCTURAL ELEMENTS BY FIBER-OPTIC ACOUSTIC EMISSION SENSOR
- SEMICONDUCTOR FREQUENCY STANDARD BASED ON P(16) SPECTRAL LINE OF ACETYLENE ISOTOPE WITH TEMPERATURE STABILIZATION BY PHASE MODULATION
- ELECTRIC GENERATOR CONTROL UNDER HIGH-FREQUENCY MEASUREMENT NOISES
- KNOWLEDGE TRANSFER FOR RUSSIAN CONVERSATIONAL TELEPHONE AUTOMATIC SPEECH RECOGNITION
- AUDIO-VISUAL SPEECH PROCESSING AND ANALYSIS BASED ON SUBSPACE PROJECTIONS
- EFFICIENCY IMPROVEMENT OF CODING METHOD BY INTRAFRAME PREDICTION IN H.265 / HEVC STANDARD
- DATABASE SEMANTIC MODEL APPLICATION IN NATURAL LANGUAGE USER INTERFACE DEVELOPMENT PROCESS
- INDUSTRY 4.0 DIGITAL PRODUCTION ORGANIZATION BASED ON CYBER AND PHYSICAL SYSTEMS AND ONTOLOGIES
- INFORMATIVE FEATURE SELECTION IN SOFTWARE IDENTIFICATION TASK
- DESIGN, DEVELOPMENT AND MAINTENANCE METHODOLOGY OF DOMAIN SEMANTIC PORTALS OF SCIENTIFIC AND TECHNICAL INFORMATION
- APPLICATION OF MAСHINE LEARNING METHODS FOR DETECTING OF JPEG IMAGE INTEGRITY VIOLATIONS
- OBJECT-PROCESS DATA MODEL FOR SERVICE-ORIENTED ARCHITECTURE OF INTEGRATED INFORMATION SYSTEMS
- OPTIMAL MATHEMATICAL MODEL FOR DESCRIPTION OF PHYSICAL PHENOMENA AND TECHNOLOGICAL PROCESSES
- SYNTHESIS METHOD OF DIGITAL-TO-ANALOG CONVERTER SCHEMATIC MODELS FOR INTEGRATED CIRCUITS
- INTEGRATED CIRCUITS TIMING ANALYSIS WITH ACCOUNT OF PAD MODELS AND BOND WIRES
- ACCURACY INCREASE FOR AUTOMATIC VISUAL RUSSIAN SPEECH RECOGNITION: VISEME CLASSES OPTIMIZATION
- FEATURE COMBINATION FOR THE TASK OF NEURAL NETWORK ACOUSTIC MODEL LEARNING