Istituto di Informatica e Telematica     
Yautsiukhin A., Krautsevich L., Beckers K. Analysis of Social Engineering Threats with Attack Graphs. In: The 3rd International Workshop on Quantitative Aspects in Security Assurance (Wroclow, 2014). Proceedings, pp. 216 - 232. (Lecture Notes in Computer Science). Springer, 2014.
Social engineering is the acquisition of information about computer systems through non-technical means. While technical security of most critical systems is high, these systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (a) does not require any (advanced) technical tools, (b) can be used by anyone, (c) is cheap. While some research exists for classifying and analysing social engineering attacks, the integration of social engineering attackers with other attackers such as software or network ones is missing so far. In this paper, we propose to consider social engineering exploits together with technical vulnerabilities. We introduce a method for the integration of social engineering exploits into attack graphs and propose a simple quantitative analysis of the graphs that helps to develop a comprehensive defensive strategy
Subject attack graph, metrics, risk
Analysis of Social Engineering Threats with Attack Graphs

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional