Abstract :
Social engineering (as used by the military or law-enforcement) is the emerging technique for obtaining classified information by interacting and deceiving people who can access that information. Rather than using traditional techniques of attacking the technical shields such as firewalls, many sophisticated computer hackers find that social engineering is more effective and difficult to detect by humans. Why can people not effectively detect social engineering, or more specifically, the art of deception? What can be done to augment human abilities for the task? The current findings warrant several possibilities that influence human ability to detect deception. Factors include such things as truth-bias, stereotypical thinking and processing ability. Knowing that human detection ability is limited, we propose a method to automatically detect deception that potentially assists humans. Results show that a system, using discriminant analysis to classify deception performed significantty better than humans in detecting deception. The findings can also be applied to general situations to ensure information authentication scenarios other than social engineering.
Keywords :
computer crime; human factors; psychology; social sciences; automatic deception detection; computer hacking; human judgment heuristics; potential implication detection; processing ability; social engineering; stereotypical thinking; truth-bias factor; Art; Computer hacking; Computer security; Costs; Humans; Information security; Intrusion detection; Management training; Military computing; Protection; Automatic Deception Detection; Social Engineering;
