CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

An Advanced Taxonomy for Social Engineering Attacks

by Hussain Aldawood, Geoffrey Skinner
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 177 - Number 30
Year of Publication: 2020
Authors: Hussain Aldawood, Geoffrey Skinner
10.5120/ijca2020919744

Hussain Aldawood, Geoffrey Skinner . An Advanced Taxonomy for Social Engineering Attacks. International Journal of Computer Applications. 177, 30 ( Jan 2020), 1-11. DOI=10.5120/ijca2020919744

@article{ 10.5120/ijca2020919744,
author = { Hussain Aldawood, Geoffrey Skinner },
title = { An Advanced Taxonomy for Social Engineering Attacks },
journal = { International Journal of Computer Applications },
issue_date = { Jan 2020 },
volume = { 177 },
number = { 30 },
month = { Jan },
year = { 2020 },
issn = { 0975-8887 },
pages = { 1-11 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume177/number30/31088-2019919744/ },
doi = { 10.5120/ijca2020919744 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:47:17.245785+05:30
%A Hussain Aldawood
%A Geoffrey Skinner
%T An Advanced Taxonomy for Social Engineering Attacks
%J International Journal of Computer Applications
%@ 0975-8887
%V 177
%N 30
%P 1-11
%D 2020
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Rapid technological advancement has not only resulted in a change in the pace of economic development, but also led to increase in cyber-threats. A social engineering attack is one such threat where an attacker not only accesses critical information about a user through technology, but also through manipulation. Although the types of attacks are different i.e. social, physical, technical or socio-technical, the process is the same. This study creates an advanced taxonomy of social engineering attacks with the aim of facilitating the development and implementation of better prevention measures, stressing the importance of organizational awareness.

References
  1. Salahdine, F. and Kaabouch, N. Social Engineering Attacks: A Survey. Future Internet, 11, 4 (2019), 89.
  2. Koyun, A. and Al Janabi, E. Social engineering attacks. Journal of Multidisciplinary Engineering Science and Technology (JMEST) (2017).
  3. Krombholz, K., Hobel, H., Huber, M. and Weippl, E. Social engineering attacks on the knowledge worker. ACM, City, 2013.
  4. Yasin, A., Fatima, R., Liu, L., Yasin, A. and Wang, J. Contemplating social engineering studies and attack scenarios: A review study. Security and Privacy, 2, 4 (2019), e73.
  5. Edwards, M., Larson, R., Green, B., Rashid, A. and Baron, A. Panning for gold: automatically analysing online social engineering attack surfaces. Computers & Security, 69 (2017), 18-34.
  6. Kumar, A., Chaudhary, M. and Kumar, N. Social engineering threats and awareness: a survey. European Journal of Advances in Engineering and Technology, 2, 11 (2015), 15-19.
  7. Aldawood, H. and Skinner, G. Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues. Future Internet, 11, 3 (2019), 73.
  8. Aldawood, H. and Skinner, G. Educating and Raising Awareness on Cyber Security Social Engineering: A Literature Review. Wollongong, Australia, 2018.
  9. Peltier, T. R. Social engineering: Concepts and solutions. Information Security Journal, 15, 5 (2006), 13.
  10. Goel, D. and Jain, A. K. Mobile phishing attacks and defence mechanisms: State of art and open research challenges. Computers & Security, 73 (2018), 519-544.
  11. Ghafir, I., Prenosil, V., Alhejailan, A. and Hammoudeh, M. Social Engineering Attack Strategies and Defence Approaches. City, 2016.
  12. Garcia-Alfaro, J. and Navarro-Arribas, G. A survey on cross-site scripting attacks. arXiv preprint arXiv:0905.4850 (2009).
  13. Mohamed, A. E. Complete Cross-site Scripting Walkthrough. City, 2012.
  14. Hasan, M., Prajapati, N. and Vohara, S. Case study on social engineering techniques for persuasion. arXiv preprint arXiv:1006.3848 (2010).
  15. Stafford, T. F. and Urbaczewski, A. Spyware: The ghost in the machine. The Communications of the Association for Information Systems, 14, 1 (2004), 49.
  16. Chinta, M., Alaparthi, J. and Kodali, E. A Study on Social Engineering Attacks and Defence Mechanisms, (2013). Vol.1, No.3, 23-32.
  17. Krombholz, K., Hobel, H., Huber, M. and Weippl, E. Advanced social engineering attacks. Journal of Information Security and Applications, 22 (2015), 113-122.
  18. Tandon, A. and Nayyar, A. A Comprehensive Survey on Ransomware Attack: A Growing Havoc Cyberthreat. Springer, City, 2019.
  19. Imaji, A. Ransomware Attacks: Critical Analysis, Threats, and Prevention methods. 2019.
  20. Banday, M. T., Qadri, J. A. and Shah, N. A. Study of Botnets and their threats to Internet Security. Sprouts: Working Papers on Information Systems, 9, 24 (2009).
  21. Saha, B. and Gairola, A. Botnet: an overview. CERT-In White Paper, CIWP-2005-05, 240 (2005).
  22. Antonioli, D., Bernieri, G. and Tippenhauer, N. O. Taking control: Design and implementation of botnets for cyber-physical attacks with cpsbot. arXiv preprint arXiv:1802.00152 (2018).
  23. de Almeida, A. J. M. Rootkits-Detection and prevention (2008).
  24. Baliga, A., Chen, X. and Iftode, L. Paladin: Automated detection and containment of rootkit attacks. Department of Computer Science, Rutgers University (2006).
  25. Shah, A. and Giffin, J. Analysis of rootkits: Attack approaches and detection mechanisms. Technical report, Georgia Institute of Technology, Tech. Rep. (2008).
  26. Rajesh, B., Reddy, Y. J. and Reddy, B. D. K. A Survey Paper on Malicious Computer Worms. International Journal of Advanced Research in Computer Science and Technology, 3, 2 (2015), 161-167.
  27. Toutonji, O. and Yoo, S.-M. An approach against a computer worm attack. International Journal of Communication Networks and Information Security, 1, 2 (2009), 47.
  28. Weaver, N., Paxson, V., Staniford, S. and Cunningham, R. A taxonomy of computer worms. ACM, City, 2003.
  29. Tang, Y., Luo, J., Xiao, B. and Wei, G. Concept, characteristics and defending mechanism of worms. IEICE TRANSACTIONS on Information and Systems, 92, 5 (2009), 799-809.
  30. Al-Saadoon, G. and Al-Bayatti, H. M. A comparison of trojan virus behavior in Linux and Windows operating systems. arXiv preprint arXiv:1105.1234 (2011).
  31. Yadav, M. S. and Randale, R. Detection and Prevention of Keylogger Spyware Attack (
  32. Sagiroglu, S. and Canbek, G. Keyloggers: Increasing threats to computer security and privacy. IEEE technology and society magazine, 28, 3 (2009), 10-17.
  33. Pathak, N., Pawar, A. and Patil, B. A survey on keylogger: A malicious attack. International Jourcal of Advanced Research in Computer Engineering and Technology (2015).
  34. Yadav, M. S. and Randale, R. Detection and Prevention of Keylogger Spyware Attack (2015).
  35. Ali, S., Islam, N., Rauf, A., Din, I., Guizani, M. and Rodrigues, J. Privacy and security issues in online social networks. Future Internet, 10, 12 (2018), 114.
  36. Choi, H., Zhu, B. B. and Lee, H. Detecting Malicious Web Links and Identifying Their Attack Types. WebApps, 11, 11 (2011), 218.
  37. Fire, M., Katz, G. and Elovici, Y. Strangers intrusion detection-detecting spammers and fake profiles in social networks based on topology anomalies. Human Journal, 1, 1 (2012), 26-39.
  38. Cao, Q., Yang, X., Yu, J. and Palow, C. Uncovering large groups of active malicious accounts in online social networks. ACM, City, 2014.
  39. Krombholz, K., Merkl, D. and Weippl, E. Fake identities in social media: A case study on the sustainability of the Facebook business model. Journal of Service Science Research, 4, 2 (2012), 175-212.
  40. Wani, M. A. and Jabin, S. A sneak into the Devil's Colony-Fake Profiles in Online Social Networks. arXiv preprint arXiv:1705.09929 (2017).
  41. Baitha, A. K. and Vinod, S. Session Hijacking and Prevention Technique. International Journal of Engineering & Technology, 7, 2.6 (2018), 193-198.
  42. Freier, A., Karlton, P. and Kocher, P. The secure sockets layer (SSL) protocol version 3.0 (2011).
  43. Infosec The Top Ten Most Famous Social Engineering Attacks. City, 2018.
  44. Nguyen, V.-L., Lin, P.-C. and Hwang, R.-H. Preventing the attempts of abusing cheap-hosting Web-servers for monetization attacks. arXiv preprint arXiv:1903.05470 (2019).
  45. Mallik, A., Ahsan, A., Shahadat, M. and Tsou, J. Man-in-the-middle-attack: Understanding in simple words. International Journal of Data and Network Science, 3, 2 (2019), 77-92.
  46. Keerthi, V. K. Taxonomy of SSL/TLS attacks. International Journal of Computer Network and Information Security, 8, 2 (2016), 15.
  47. Khoshbin, S. Educational Information Security Laboratories: A Literature Review. City, 2016.
  48. Jain, A. K. and Gupta, B. B. Feature Based Approach for Detection of Smishing Messages in the Mobile Environment. Journal of Information Technology Research (JITR), 12, 2 (2019), 17-35.
  49. Yeboah-Boateng, E. O. and Amanor, P. M. Phishing, SMiShing & Vishing: an assessment of threats against mobile devices. Journal of Emerging Trends in Computing and Information Sciences, 5, 4 (2014), 297-307.
  50. Cho, Y. and Qu, G. Detection and prevention of selective forwarding-based denial-of-service attacks in WSNs. International Journal of Distributed Sensor Networks, 9, 8 (2013), 205920.
  51. Shukla, J. and Sahni, B. A survey on VoIP security attacks and their proposed solutions. International Journal of Application or Innovation in Engineering & Management (IJAIEM) (2013).
  52. Ivaturi, K. and Janczewski, L. A taxonomy for social engineering attacks. Centre for Information Technology, Organizations, and People, City, 2011.
  53. Rocha Flores, W. and Ekstedt, M. Countermeasures for social engineering-based malware installation attacks. City, 2013
Index Terms

Computer Science
Information Sciences

Keywords

Cyber Security Information Security Social Engineering Social Engineering Attacks Social Engineering Taxonomy Security Attack Taxonomy.

Powered by PhDFocusTM