Aligning social concerns with information system security: A fundamental ontology for social engineering
Information Systems (IF 3.7), Pub Date: 2020-12-07, DOI: 10.1016/j.is.2020.101699
Tong Li, Xiaowei Wang, Yeming Ni

Along with the rapid development of socio-technical systems, people are playing an increasingly important role in information systems and have actually become an essential system component. However, unlike technology-based attacks that have been investigated for decades, social engineering attacks have not been efficiently addressed. In particular, due to the interdisciplinary nature of social engineering, there is a lack of consensus on its definition, hindering the further development of this research field. In this paper, we propose a comprehensive and fundamental ontology of social engineering based on a systematic review of existing social engineering taxonomies and ontologies in order to provide a theoretical foundation for social engineering analysis. The essential contributions of this paper include: (1) proposing a comprehensive ontology of social engineering and precisely specifying ontological definitions of its essential concepts based on Situation Calculus; (2) enumerating and summarizing a set of social engineering techniques and presenting their fine-grained classification based on the proposed ontology; (3) incorporating psychology and sociology knowledge into social engineering analysis, encapsulating such knowledge in terms of a formalized ontology. We have evaluated our ontology based on a set of real social engineering attacks, the results of which show the usefulness of our proposal.




Updated: 2020-12-07