Social engineering in social networking sites: Affect-based model

While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs) have been identified as some of the most common means of social engineering attacks. Due to factors that reduce users' ability to detect social engineering tricks and increase attackers' ability to launch them, SNSs seem to be perfect breeding grounds for exploiting people's vulnerabilities and the weakest link in security. This work will contribute to the social engineering knowledge base by identifying different entities and sub-entities that affect social-engineering-based attacks in SNSs. Moreover, this paper includes an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

[1]  E.J. Weyuker,et al.  Using Developer Information as a Factor for Fault Prediction , 2007, Third International Workshop on Predictor Models in Software Engineering (PROMISE'07: ICSE Workshops 2007).

[2]  Nicole B. Ellison,et al.  Social network sites: definition, history, and scholarship , 2010 .

[3]  Andreas Zeller,et al.  Mining metrics to predict component failures , 2006, ICSE.

[4]  Yue Jiang,et al.  Techniques for evaluating fault prediction models , 2008, Empirical Software Engineering.

[5]  Principal Investigator,et al.  Manufactured Consent and Cyberwar , 2010 .

[6]  Samuel T. C. Thompson Helping the Hacker? Library Information, Security, and Social Engineering , 2006 .

[7]  Norman E. Fenton,et al.  Quantitative Analysis of Faults and Failures in a Complex Software System , 2000, IEEE Trans. Software Eng..

[8]  Yue Jiang,et al.  Comparing design and code metrics for software quality prediction , 2008, PROMISE '08.

[9]  S. Grossberg,et al.  Psychological Review , 2003 .

[10]  Giuliano Antoniol,et al.  Recovering Traceability Links between Code and Documentation , 2002, IEEE Trans. Software Eng..

[11]  Cagatay Catal,et al.  Software fault prediction: A literature review and current trends , 2011, Expert Syst. Appl..

[12]  H. Kelley,et al.  Communication and Persuasion: Psychological Studies of Opinion Change , 1982 .

[13]  Harald C. Gall,et al.  Tracking concept drift of software projects using defect prediction quality , 2009, 2009 6th IEEE International Working Conference on Mining Software Repositories.

[14]  Thomas M. Chen,et al.  Malicious and Spam Posts in Online Social Networks , 2011, Computer.

[15]  B. J. Fogg,et al.  Six Patterns for Persuasion in Online Social Networks , 2008, PERSUASIVE.

[16]  Lionel C. Briand,et al.  A systematic and comprehensive investigation of methods to build and evaluate fault prediction models , 2010, J. Syst. Softw..

[17]  Richard G. Brody,et al.  Flying under the radar: social engineering , 2012 .

[18]  Hisakazu Hada,et al.  Is that really you?: an approach to assure identity without revealing real-name online , 2009, DIM '09.

[19]  Ming Zhao,et al.  A comparison between software design and code metrics for the prediction of software fault content , 1998, Inf. Softw. Technol..

[20]  A. Zeller,et al.  Predicting Defects for Eclipse , 2007, Third International Workshop on Predictor Models in Software Engineering (PROMISE'07: ICSE Workshops 2007).

[21]  J. Singer,et al.  Cognitive, social, and physiological determinants of emotional state. , 1962, Psychological review.

[22]  Giuliano Antoniol,et al.  Object-oriented design patterns recovery , 2001, J. Syst. Softw..

[23]  Daniela E. Damian,et al.  Predicting build failures using social network analysis on developer communication , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[24]  Michael G. Bailey,et al.  The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems , 2004, CITC5 '04.

[25]  Steven A. Mccornack Information manipulation theory , 1992 .

[26]  A. Maslow A Theory of Human Motivation , 1943 .

[27]  Thomas Peltier,et al.  Social Engineering: Concepts and Solutions , 2006 .

[28]  Refik Molva,et al.  Safebook: A privacy-preserving online social network leveraging on real-life trust , 2009, IEEE Communications Magazine.

[29]  Michele Lanza,et al.  Evaluating defect prediction approaches: a benchmark and an extensive comparison , 2011, Empirical Software Engineering.

[30]  Peter Pecho,et al.  Social Networks Security , 2009, 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

[31]  Hein S. Venter,et al.  Social engineering attack detection model: SEADM , 2010, 2010 Information Security for South Africa.

[32]  KvedarDerek,et al.  The use of formal social engineering techniques to identify weaknesses during a computer vulnerability competition , 2010 .

[33]  C. I. Hovland,et al.  Social Judgment: Assimilation and Contrast Effects in Communication and Attitude Change , 1981 .

[34]  Scott D. Applegate Social Engineering: Hacking the Wetware! , 2009, Inf. Secur. J. A Glob. Perspect..

[35]  Stewart Kowalski,et al.  Towards Automating Social Engineering Using Social Networking Sites , 2009, 2009 International Conference on Computational Science and Engineering.

[36]  Ali Darwish,et al.  Towards understanding phishing victims' profile , 2012, 2012 International Conference on Computer Systems and Industrial Informatics.

[37]  Lionel C. Briand,et al.  Toward the Reverse Engineering of UML Sequence Diagrams for Distributed Java Software , 2006, IEEE Transactions on Software Engineering.

[38]  P. Young,et al.  Emotion and personality , 1963 .

[39]  Jing Liu,et al.  An Analysis of Security in Social Networks , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[40]  Danah Boyd,et al.  Social Network Sites: Definition, History, and Scholarship , 2007, J. Comput. Mediat. Commun..

[41]  R. Cialdini Influence: Science and Practice , 1984 .

[42]  Douglas P. Twitchell Social engineering in information assurance curricula , 2006, InfoSecCD '06.

[43]  Tim Thornburgh Social engineering: the "Dark Art" , 2004, InfoSecCD '04.

[44]  K. R. Hammond Judgments Under Stress , 1999 .

[45]  John B. Watson,et al.  A schematic outline of the emotions. , 1919 .

[46]  Yue Jiang,et al.  Fault Prediction using Early Lifecycle Data , 2007, The 18th IEEE International Symposium on Software Reliability (ISSRE '07).

[47]  John T. Cacioppo,et al.  The Elaboration Likelihood Model of Persuasion , 1986, Advances in Experimental Social Psychology.

[48]  Bojan Cukic,et al.  Robust prediction of fault-proneness by random forests , 2004, 15th International Symposium on Software Reliability Engineering.

[49]  Kathryn Parsons,et al.  Information Management & Computer Security Why do some people manage phishing e-mails better than others ? , 2016 .

[50]  S. Grazioli Where Did They Go Wrong? An Analysis of the Failure of Knowledgeable Internet Consumers to Detect Deception Over the Internet , 2004 .

[51]  B. J. Fogg,et al.  Online Persuasion in Facebook and Mixi: A Cross-Cultural Comparison , 2008, PERSUASIVE.

[52]  R. Sternbach Emotion and Personality; Vol. 2: Neurological and Physiological Aspects , 1961 .

[53]  Markus Jakobsson,et al.  Social phishing , 2007, CACM.

[54]  Ahmed E. Hassan,et al.  Studying the Impact of Social Structures on Software Quality , 2010, 2010 IEEE 18th International Conference on Program Comprehension.

[55]  Scott A. Golder,et al.  Security Issues and Recommendations for Online Social Networks. , 2007 .

[56]  Kent Marett,et al.  Self-efficacy, Training Effectiveness, and Deception Detection: A Longitudinal Study of Lie Detection Training , 2004, ISI.

[57]  David S. Rosenblum,et al.  What Anyone Can Know: The Privacy Risks of Social Networking Sites , 2007, IEEE Security & Privacy.

[58]  Dejan Verčič,et al.  Public relations research : an international perspective , 1997 .

[59]  Christopher Hadnagy,et al.  Social Engineering: The Art of Human Hacking , 2010 .

[60]  W. James II.—WHAT IS AN EMOTION ? , 1884 .

[61]  Gerardo Canfora,et al.  New Frontiers of Reverse Engineering , 2007, Future of Software Engineering (FOSE '07).

[62]  W. Cannon The James-Lange theory of emotions: a critical examination and an alternative theory. By Walter B. Cannon, 1927. , 1927, American Journal of Psychology.

[63]  Tom Pyszczynski,et al.  Why Do We Need What We Need? A Terror Management Perspective on the Roots of Human Social Motivation , 1997 .

[64]  Norman E. Fenton,et al.  A Critique of Software Defect Prediction Models , 1999, IEEE Trans. Software Eng..

[65]  Ahmed E. Hassan,et al.  Predicting faults using the complexity of code changes , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[66]  Sofie Vandoninck,et al.  Social networking sites and contact risks among Flemish youth , 2012 .

[67]  Sophia Alim,et al.  Axioms for vulnerability measurement of online social network profiles , 2011, International Conference on Information Society (i-Society 2011).

[68]  Andreas Zeller,et al.  Predicting component failures at design time , 2006, ISESE '06.

[69]  Taghi M. Khoshgoftaar,et al.  Tree-based software quality estimation models for fault prediction , 2002, Proceedings Eighth IEEE Symposium on Software Metrics.

[70]  Richard E Petty,et al.  Thought confidence as a determinant of persuasion: the self-validation hypothesis. , 2002, Journal of personality and social psychology.

[71]  S. Kerr On the folly of rewarding A, while hoping for B. , 1975 .

[72]  Judee K. Burgoon,et al.  An Investigation of Heuristics of Human Judgment in Detecting Deception and Potential Implications in Countering Social Engineering , 2007, 2007 IEEE Intelligence and Security Informatics.

[73]  Calton Pu,et al.  Reverse Social Engineering Attacks in Online Social Networks , 2011, DIMVA.

[74]  Anas N. Al-Rabadi,et al.  A comparison of modified reconstructability analysis and Ashenhurst‐Curtis decomposition of Boolean functions , 2004 .

[75]  Sevgi Özkan,et al.  User Awareness Measurement Through Social Engineering , 2011, ArXiv.

[76]  Niclas Ohlsson,et al.  Predicting Fault-Prone Software Modules in Telephone Switches , 1996, IEEE Trans. Software Eng..

[77]  Elaine J. Weyuker,et al.  Do too many cooks spoil the broth? Using the number of developers to enhance defect prediction models , 2008, Empirical Software Engineering.

[78]  N. Nagappan,et al.  Static analysis tools as early indicators of pre-release defect density , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[79]  Yue Xu,et al.  Social engineering in social networking sites: phase-based and source-based models , 2013 .

[80]  X. Bosch The Lucifer Effect: Understanding How Good People Turn Evil , 2007 .

[81]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[82]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[83]  C. L. Hull The conflicting psychologies of learning—a way out. , 1935 .

[84]  Patti M. Valkenburg,et al.  Characteristics and Motives of Adolescents Talking with Strangers on the Internet , 2006, Cyberpsychology Behav. Soc. Netw..

[85]  Michael Workman,et al.  Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security , 2008, J. Assoc. Inf. Sci. Technol..

[86]  Yuguang Fang,et al.  Privacy and security for online social networks: challenges and opportunities , 2010, IEEE Network.

[87]  Ioannis Mavridis,et al.  Surveying Privacy Leaks Through Online Social Network , 2010, 2010 14th Panhellenic Conference on Informatics.

[88]  T. Zimmermann,et al.  Predicting Faults from Cached History , 2007, 29th International Conference on Software Engineering (ICSE'07).

[89]  I. Rosenstock Historical Origins of the Health Belief Model , 1974 .

[90]  A behavioristic account of the emotions , 2022 .

[91]  L. Aldoory,et al.  The Roles of Perceived “Shared” Involvement and Information Overload in Understanding How Audiences make Meaning of News about Bioterrorism , 2006 .

[92]  D. Gragg A Multi-Level Defense Against Social Engineering , 2003 .

[93]  Ronald C. Dodge,et al.  The Influences of Social Networks on Phishing Vulnerability , 2012, 2012 45th Hawaii International Conference on System Sciences.

[94]  Robert Gibson Who's really in your top 8: network security in the age of social networking , 2007, SIGUCCS '07.