Research Article

A Taxonomy for Social Engineering Attacks via Personal Devices

by Hussain Aldawood, Geoffrey Skinner
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 178 - Number 50
Year of Publication: 2019
Authors: Hussain Aldawood, Geoffrey Skinner
10.5120/ijca2019919411

Hussain Aldawood, Geoffrey Skinner. A Taxonomy for Social Engineering Attacks via Personal Devices. International Journal of Computer Applications. 178, 50 (Sep 2019), 19-26. DOI=10.5120/ijca2019919411

@article{ 10.5120/ijca2019919411,
author = { Hussain Aldawood and Geoffrey Skinner },
title = { A Taxonomy for Social Engineering Attacks via Personal Devices },
journal = { International Journal of Computer Applications },
issue_date = { Sep 2019 },
volume = { 178 },
number = { 50 },
month = { Sep },
year = { 2019 },
issn = { 0975-8887 },
pages = { 19-26 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume178/number50/30891-2019919411/ },
doi = { 10.5120/ijca2019919411 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:53:38.666903+05:30
%A Hussain Aldawood
%A Geoffrey Skinner
%T A Taxonomy for Social Engineering Attacks via Personal Devices
%J International Journal of Computer Applications
%@ 0975-8887
%V 178
%N 50
%P 19-26
%D 2019
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Social engineering attacks are a major threat to organizations and individuals as digitization and connectivity through the internet increase. This study aims to review scholarly research analyzing the topic of social engineering and further chart the evolution of the threat. The review identifies methods of such attacks on various platforms and devices and discusses motivations behind social engineering attacks. Finally, the paper analyzes the nature and impact of social engineering attacks and presents a taxonomy on socially engineered attacks by analyzing their anatomy.

Index Terms

Computer Science
Information Sciences

Keywords

Cyber Security, Information Security, Social Engineering, Social Engineering Attacks, Social Engineering Taxonomy, Security Attack Taxonomy.