Social engineering in cybersecurity: a domain ontology and knowledge graph application examples-Reference-Cited by-同舟云学术

Social engineering in cybersecurity: a domain ontology and knowledge graph application examples

Published:2021-08-02 Issue:1 Volume:4 Page:
ISSN:2523-3246
Container-title:Cybersecurity
language:en
Short-container-title:Cybersecur

Author:

Wang Zuoguang,Zhu Hongsong^ORCID,Liu Peipei,Sun Limin

Abstract

AbstractSocial engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks.

Funder

National Key Research and Development Program of China

Joint Fund of the National Natural Science Foundation of China

Publisher

Springer Science and Business Media LLC

Subject

Artificial Intelligence,Computer Networks and Communications,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1186/s42400-021-00094-6.pdf

Reference23 articles.

1. Alshanfari, I, Ismail R, N.Zaizi J. M, Wahid FA (2020) Ontology-based formal specifications for social engineering. Int J Technol Manag Inform Syst 2:35–46.

2. Chitrey, A, Singh D, Singh V (2012) A comprehensive study of social engineering based attacks in india to develop a conceptual model. Int J Inform Netw Secur 1:45.

3. Damle, P (2002) Social engineering: A tip of the iceberg. Inform Syst Control J 2:51–52.

4. Fang, B (2018a) The Definitions of Fundamental Concepts In: Cyberspace Sovereignty : Reflections on building a community of common future in cyberspace, 1–52.. Springer, Singapore. https://doi.org/10.1007/978-981-13-0320-3_1.

5. Fang, B (2018b) Define cyberspace security. Chin J Netw Inform Secur 4:1–5.

Cited by 32 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Uncovering security vulnerabilities through multiplatform malware analysis;SECURITY AND PRIVACY;2024-08-19

2. Untargeted Adversarial Attack on Knowledge Graph Embeddings;Proceedings of the 47th International ACM SIGIR Conference on Research and Development in Information Retrieval;2024-07-10

3. Road Traffic Emissions Lead to Much Enhanced New Particle Formation through Increased Growth Rates;Environmental Science & Technology;2024-06-08

4. Research on the Construction of Network Security Attack Detection Model Based on Knowledge Graph;2024 IEEE 4th International Conference on Electronic Technology, Communication and Information (ICETCI);2024-05-24

5. A Cybersecurity Awareness Model for the Protection of Saudi Students from Social Media Attacks;Engineering, Technology & Applied Science Research;2024-04-02