Abstract
The article is devoted to the development of a method for analyzing the sustainability of the structure of access policies to the social engineering attack actions of the malefactor. The analysis of sustainability in this case is the calculation of aggregated probabilistic estimates of success of a social engineering attack actions of the malefactor to certain confidential data that is stored in the information system. The approach is based on data on the user’s vulnerabilities profile, the calculation of probability estimates of this profile, as well as the formation of a structure of access policies that is more stable to social engineering attacks, and is built on the basis of genetic algorithms. This approach makes it possible to determine the configuration of users of the information system that is the most stable to the malefactor’s social engineering attacks. The report describes the general principles of the proposed approach and presents the results of computational experiments.
The results were partially supported by RFBR, project No. 18-37-00340, and Governmental contract (SPIIRAS) No. 0073-2019-0003.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abramov, M., Azarov, A., Tulupyeva, T., Tulupyev, A.: Model of malefactor competencies profile for analyzing information system personnel security from social engineering attacks. Inf. Control Syst. 4, 77–84 (2016)
Azarov, A., Tulupyev, A., Solovtsov, N., Tulupyeva, T.: SQL representation of relational and probabilistic models of socio-engineering attacks in problems of calculation of the aggregated estimates of information system’s personnel security taking into account scales of communications between users. SPIIRAS Proc. 24, 41–53 (2013)
Azarov, A., Tulupyeva, T., Suvorova, A., Tulupyev, A., Abramov, M., Yusupov, R.: Social Engineering Attacks. The Problems of Analysis. St. Petersburg, 352 p. (2016)
Azarov, A., Abramov, M., Tulupyeva, T., Tulupyev, A.: Users’ of information system protection analysis from malefactor’s social engineering attacks taking into account malefactor’s competence profile. In: Biologically Inspired Cognitive Architectures (BICA) for Young Scientists, pp. 25–30 (2016)
Aysun, B., Birgul, K.: Current state and future trends in location recommender systems. Int. J. Inf. Technol. Comput. Sci. (IJITCS) 9(6), 1–8 (2017)
Gupta, B.B., Tewari, A., Jain, A.K., Agrawal, D.P.: Fighting against phishing attacks: state of the art and future challenges. Neural Comput. Appl. 28(12), 3629–3654 (2017). https://doi.org/10.1007/s00521-016-2275-y
Huda, A., Živanović, R.: Accelerated distribution systems reliability evaluation by multilevel Monte Carlo simulation: implementation of two discretisation schemes. IET Gener. Transm. Distrib. 11(13), 3397–3405 (2017)
Kammogne, S.T.A., Fotsin, H.B.: A secure communication scheme using generalized modified projective synchronization of coupled colpitts oscillators. Int. J. Math. Sci. Comput. (IJMSC) 4(1), 56–70 (2018)
Liu, J., Lyu, Q., Wang, Q., Yu, X.: A digital memories based user authentication scheme with privacy preservation. PLoS ONE 12(11), 0186925 (2017)
R Core Team. R: A language and environment for statistical computing. R Foundation for Statistical Computing, Vienna, Austria. https://www.R-project.org/. Accessed 08 May 2019
Schaik, P., Jeske, D., Onibokun, J., Coventry, L., Jansen, J., Kusev, P.: Risk perceptions of cyber-security and precautionary behavior. Comput. Hum. Behav. 62(11), 5678–5693 (2017)
Struharik, R., Vukobratović, B.: A system for hardware aided decision tree ensemble evolution. J. Parallel Distrib. Comput. 112, 67–83 (2018)
Terlizzi, M., Meirelles, F., Viegas Cortez da Cunha, M.: Behavior of Brazilian banks employees on Facebook and the cybersecurity governance. J. Appl. Secur. Res. 12(2), 224–252 (2017)
Willighagen, E., Ballings, M.: R Based Genetic Algorithm. R package version 0.2.0 (2015). https://CRAN.R-project.org/package=genalg. Accessed 08 May 2019
Zhou, S., Han, J., Tang, H.: Research on trusted industrial control ethernet network. Int. J. Comput. Netw. Inf. Secur. (IJCNIS) 2(2), 40–46 (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Azarov, A., Suvorova, A., Koroleva, M., Vasileva, O. (2020). Aggregate Estimates for Probability of Social Engineering Attack Success: Sustainability of the Structure of Access Policies. In: Hu, Z., Petoukhov, S., He, M. (eds) Advances in Intelligent Systems, Computer Science and Digital Economics. CSDEIS 2019. Advances in Intelligent Systems and Computing, vol 1127. Springer, Cham. https://doi.org/10.1007/978-3-030-39216-1_26
Download citation
DOI: https://doi.org/10.1007/978-3-030-39216-1_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39215-4
Online ISBN: 978-3-030-39216-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)