Title :
Analysis and Defensive Tools for Social-Engineering Attacks on Computer Systems
Author :
Laribee, Lena ; Barnes, David S. ; Rowe, Neil C. ; Martell, Craig H.
Author_Institution :
US Naval Postgraduate Sch., Monterey, CA
Abstract :
The weakest link in an information-security chain is often the user because people can be manipulated. Attacking computer systems with information gained from social interactions is one form of social engineering (K. Mitnick, et al. 2002). It can be much easier to do than targeting the complex technological protections of systems (J. McDermott, Social engineering - the weakest link in information security). In an effort to formalize social engineering for cyberspace, we are building models of trust and attack. Models help in understanding the bewildering number of different tactics that can be employed. Social engineering attacks can be complex with multiple ploys and targets; our models function as subroutines that are called multiple times to accomplish attack goals in a coordinated plan. Models enable us to infer good countermeasures to social engineering.
Keywords :
computer networks; security of data; computer systems; cyberspace; defensive tools; information-security chain; social-engineering attacks; Algorithms; Buildings; Conferences; Government; Information analysis; Information security; Knowledge engineering; Protection; Timing;
Conference_Title :
Information Assurance Workshop, 2006 IEEE
Conference_Location :
West Point, NY
Print_ISBN :
1-4244-0130-5
DOI :
10.1109/IAW.2006.1652125