Reference Hub

This research has been cited in:

Chapter
Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User BehaviorApplied Technologies10.1007/978-3-031-03884-6_26
Article
SEAG: A novel dynamic security risk assessment method for industrial control systems with consideration of social engineeringJournal of Process Control10.1016/j.jprocont.2023.103131
Article
Evaluation Framework for Electric Vehicle Security Risk AssessmentIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2023.3307660
Conference
Social engineering in metaverse environment2023 IEEE 10th International Conference on Cyber Security and Cloud Computing (CSCloud)/2023 IEEE 9th International Conference on Edge Computing and Scalable Cloud (EdgeCom)10.1109/CSCloud-EdgeCom58631.2023.00034
Article
A Systematic Survey of Multi-Factor Authentication for Cloud InfrastructureFuture Internet10.3390/fi15040146
Article
Quantitative Assessment Model of IT Operation and Maintenance Operation Risk Based on the Digital Twin ModelScientific Programming10.1155/2022/4210927
Article
The Risk Management Mode of Construction Project Management in the Multimedia Environment of Internet of ThingsMobile Information Systems10.1155/2021/1311474
Article
Modelling and analysis of social engineering threats using the attack tree and the Markov modelInternational Journal of Information Technology10.1007/s41870-023-01540-z
Article
Measuring Awareness of Social Engineering in the Educational Sector in the Kingdom of Saudi ArabiaInformation10.3390/info12050208
Article
Social engineering awareness and resilience in Egypt: a quantitative explorationLibrary Hi Tech10.1108/LHT-10-2023-0480
Article
Evaluation of Measures Taken by Telecommunication Companies in Preventing Social Engineering Attacks in TanzaniaEuropean Journal of Theoretical and Applied Sciences10.59324/ejtas.2023.1(4).114
Article
Survey on Technique and User Profiling in Unsupervised Machine Learning MethodJournal of Machine and Computing10.53759/7669/jmc202202002
Article
Research on Internet data security and privacy protectionJournal of Physics: Conference Series10.1088/1742-6596/2005/1/012004
Article
Networked Organizational Structure of Enterprise Information Security Management Based on Digital Transformation and Genetic AlgorithmFrontiers in Public Health10.3389/fpubh.2022.921632
Article
Network awareness of security situation information security measurement method based on data miningJournal of Intelligent & Fuzzy Systems10.3233/JIFS-233390
Article
Design and implementation of a vulnerability mining system for power internet of things terminal based on fuzzy mathematical model simulation platformIntelligent Decision Technologies10.3233/IDT-230241
Article
Psychological Aspects of the Organization’s Information Security in the Context of Socio-engineering AttacksAdministrative Consulting10.22394/1726-1139-2022-2-123-138
Article
Computer Network Information Security and Protection Strategy Based on Big Data EnvironmentInternational Journal of Information Technologies and Systems Approach10.4018/IJITSA.319722

A Risk Analysis Framework for Social Engineering Attack Based on User Profiling

Ziwei Ye, Yuanbo Guo, Ankang Ju, Fushan Wei, Ruijie Zhang, Jun Ma

Source Title: Journal of Organizational and End User Computing (JOEUC)32(3)

ISSN: 1546-2234|EISSN: 1546-5012|EISBN13: 9781522583707|DOI: 10.4018/JOEUC.2020070104

Cite Article Cite Article

MLA

Ye, Ziwei, et al. "A Risk Analysis Framework for Social Engineering Attack Based on User Profiling." JOEUC vol.32, no.3 2020: pp.37-49. http://doi.org/10.4018/JOEUC.2020070104

APA

Ye, Z., Guo, Y., Ju, A., Wei, F., Zhang, R., & Ma, J. (2020). A Risk Analysis Framework for Social Engineering Attack Based on User Profiling. Journal of Organizational and End User Computing (JOEUC), 32(3), 37-49. http://doi.org/10.4018/JOEUC.2020070104

Chicago

Ye, Ziwei, et al. "A Risk Analysis Framework for Social Engineering Attack Based on User Profiling," Journal of Organizational and End User Computing (JOEUC) 32, no.3: 37-49. http://doi.org/10.4018/JOEUC.2020070104

Export Reference

Favorite Full-Issue Download

View Full Text HTML

View Full Text PDF

Abstract

Social engineering attacks are becoming serious threats to cloud service. Social engineering attackers could get Cloud service custom privacy information or attack virtual machine images directly. Existing security analysis instruments are difficult to quantify the social engineering attack risk, resulting in invalid defense guidance for social engineering attacks. In this article, a risk analysis framework for social engineering attack is proposed based on user profiling. The framework provides a pathway to quantitatively calculate the possibility of being compromised by social engineering attack and potential loss, so as to effectively complement current security assessment instruments. The frequency of related operations is used to profile and group users for respective risk calculation, and other features such as security awareness and capability of protection mechanism are also considered. Finally, examples are given to illustrate how to use the framework in actual scenario and apply it to security assessment.