论文信息 - Detecting Social Engineering

Detecting Social Engineering

This paper focuses on detecting social engineering attacks perpetrated over phone lines. Current methods for dealing with social engineering attacks rely on security policies and employee training, which fail because the root of the problem, people, are still involved. Our solution relies on computer systems to analyze phone conversations in real time and determine if the caller is deceiving the receiver. The technologies employed in the proposed Social Engineering Defense Architecture (SEDA) are in the proof-of-concept phase but are, nevertheless, tractable. An important byproduct of this work is the generation of real-time signatures, which can be used in forensic investigations.

Marcus K. Rogers | Michael D. Hoeschele | M. Rogers

[1] Daniel B. Horn,et al. Patterns of entry and correction in large vocabulary continuous speech recognition systems , 1999, CHI '99.

[2] D. Gragg. A Multi-Level Defense Against Social Engineering , 2003 .

[3] John Vergo,et al. MedSpeak: report creation with continuous speech recognition , 1997, CHI.

[4] William L. Simon,et al. The Art of Deception: Controlling the Human Element of Security , 2001 .

[5] Victor Raskin,et al. Semantic forensics: An application of ontological semantics to information assurance , 2004 .

[6] Martin P. Loeb,et al. CSI/FBI Computer Crime and Security Survey , 2004 .

[7] Richard E. Petty,et al. A cognitive response analysis of the temporal persistence of attitude changes induced by persuasive communications , 1977 .

[8] W. Tolman,et al. Social Engineering , 2014, Encyclopedia of Social Network Analysis and Mining.

[9] Marcus K. Rogers,et al. Social Engineering: The Forgotten Risk , 2000 .

[10] Alok Sinha. Client-server computing , 1992, CACM.

[11] James A. Forrest,et al. Detecting Deception and Judge’s Involvement: Lower Task Involvement Leads to Better Lie Detection , 2000 .

[12] P. Ekman,et al. Who can catch a liar? , 1991, The American psychologist.

[13] Harold F. Tipton,et al. Information security management handbook, Sixth Edition , 2003 .

[14] Simon Frantz. Liar liar , 2002, Nature Reviews Molecular Cell Biology.