Dissecting Social Engineering Attacks Through the Lenses of Cognition

被引：9

作者：

Burda, Pavlo ^{[1
]}

Allodi, Luca ^{[1
]}

Zannone, Nicola ^{[1
]}

机构：

[1] Eindhoven Univ Technol, Eindhoven, Netherlands

来源：

2021 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2021) | 2021年

关键词：

social engineering; cognitive science; SUSCEPTIBILITY; VULNERABILITY; ATTENTION; SECURITY; JUDGMENT;

D O I：

10.1109/EuroSPW54576.2021.00024

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In this paper we present, showcase, and analize a novel framework to dissect Social Engineering (SE) attacks. The framework is based on extant theories in the cognitive sciences, and is meant as an instrument for researchers and practitioners alike to structure and analyze SE attacks of varying sophistication, isolating specific features and their effects at the cognitive level, and providing a common structure for comparisons across different attacks. We showcase the framework against attacks reproduced in the academic literature as well as against real (highly-targeted) SE attacks reported in the wild, isolating and relating effects and techniques adopted by the attackers to the target's cognitive process. We discuss implications for research and practice of the proposed framework.

引用

页码：149 / 160

页数：12

共 51 条

[1]

Agrafiotis I, 2015, COMPUT FRAUD SECUR, P9

[2] The Need for New Antiphishing Measures Against Spear-Phishing Attacks [J].