A Semi-automated Security Advisory System to Resist Cyber-Attack in Social Networks

Social networking sites often witness various types of social engineering (SE) attacks, yet limited research has addressed the most severe types of social engineering in social networks (SNs). The present study investigates the extent to which people respond differently to different types of attack in a social network context, and how users can be segmented based on their vulnerability. This, in turn, leads to the prospect of a personalised security advisory system. A total of 316 participants completed an online questionnaire that included a scenario-based experiment. The study results reveal that people respond to cyber-attacks differently based on their demographics. Furthermore, people’s competence, social network experience, and limited connections with strangers in social networks can decrease their likelihood of falling victim to some types of attack more than others.
