Generic Taxonomy of Social Engineering Attack

Social engineering is a type of attack that gains unauthorized access to a system in order to achieve a specific objective. Commonly, the social engineer's purpose is to obtain information. Some successful social engineering attacks obtain the victim's information through a human-based retrieval approach, for example dumpster diving or shoulder surfing to gain access to a password. Alternatively, the victim's information can be stolen using technical-based methods, such as pop-up windows, email or web sites that harvest the password or other sensitive information. This research performed a preliminary analysis of social engineering attack taxonomies, with emphasis on the types of technical-based social engineering attack. The results of the analysis serve as a guideline for proposing a new generic taxonomy of Social Engineering Attack (SEA).
