IIT Home Page CNR Home Page

Using Attack Graphs to Analyze Social Engineering Threats

Social engineering is the acquisition of information about computer systems by methods that deeply include  non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap. While some research exists for classifying and analysing social engineering attacks, the integration of social engineering attackers with other attackers such as software or network ones is missing so far. In this paper, we propose to consider social engineering exploits together with technical vulnerabilities. We introduce a method for the integration of social engineering exploits into attack graphs and
propose a simple quantitative analysis of the graphs that helps to develop a comprehensive defensive strategy.


International Journal of Secure Software Engineering, 2015

Autori esterni: Kristian Beckers Kristian (University of Duisburg)
Autori IIT:

Leanid Krautsevich

Foto di Leanid Krautsevich

Tipo: Articoli su riviste non ISI con referee internazionali
Area di disciplina: Computer Science & Engineering

Attività: Metodi formali per la sicurezza di sistemi ICT