Aligning social concerns with information system security: A fundamental ontology for social engineering. Issue 104 (February 2022)
- Record Type:
- Journal Article
- Title:
- Aligning social concerns with information system security: A fundamental ontology for social engineering. Issue 104 (February 2022)
- Main Title:
- Aligning social concerns with information system security: A fundamental ontology for social engineering
- Authors:
- Li, Tong
Wang, Xiaowei
Ni, Yeming - Abstract:
- Abstract: Along with the rapid development of socio-technical systems, people are playing an increasingly important role in information system and have actually become an essential system component. However, unlike technology-based attacks that have been investigated for decades, social engineering attacks have not been efficiently addressed. In particular, due to the interdisciplinary nature of social engineering, there is a lack of consensus on its definition, hindering the further development of this research field. In this paper, we propose a comprehensive and fundamental ontology of social engineering based on a systematic review of existing social engineering taxonomies and ontologies in order to provide a theoretical foundation for social engineering analysis. The essential contributions of this paper include: (1) propose a comprehensive ontology of social engineering and precisely specify ontological definitions of its essential concepts based on Situation Calculus; (2) enumerate and summarize a set of social engineering techniques and present their fine-grained classification based on the proposed ontology; (3) incorporate psychology and sociology knowledge into social engineering analysis, encapsulating such knowledge in terms of a formalized ontology. We have evaluated our ontology based on a set of real social engineering attacks, the results of which show the usefulness of our proposal. Highlights: A review of existing social engineering ontologies. A proposalAbstract: Along with the rapid development of socio-technical systems, people are playing an increasingly important role in information system and have actually become an essential system component. However, unlike technology-based attacks that have been investigated for decades, social engineering attacks have not been efficiently addressed. In particular, due to the interdisciplinary nature of social engineering, there is a lack of consensus on its definition, hindering the further development of this research field. In this paper, we propose a comprehensive and fundamental ontology of social engineering based on a systematic review of existing social engineering taxonomies and ontologies in order to provide a theoretical foundation for social engineering analysis. The essential contributions of this paper include: (1) propose a comprehensive ontology of social engineering and precisely specify ontological definitions of its essential concepts based on Situation Calculus; (2) enumerate and summarize a set of social engineering techniques and present their fine-grained classification based on the proposed ontology; (3) incorporate psychology and sociology knowledge into social engineering analysis, encapsulating such knowledge in terms of a formalized ontology. We have evaluated our ontology based on a set of real social engineering attacks, the results of which show the usefulness of our proposal. Highlights: A review of existing social engineering ontologies. A proposal of a unified set of concepts of social engineering. A proposal of ontological definitions of social engineering based on Situation Calculus. A presentation of fine-grained classification of social engineering techniques, incorporating psychology and sociology knowledge into social engineering analysis. A formalization of social engineering ontology using Description Logic. … (more)
- Is Part Of:
- Information systems. Issue 104(2022)
- Journal:
- Information systems
- Issue:
- Issue 104(2022)
- Issue Display:
- Volume 104, Issue 104 (2022)
- Year:
- 2022
- Volume:
- 104
- Issue:
- 104
- Issue Sort Value:
- 2022-0104-0104-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-02
- Subjects:
- Social engineering -- Ontology -- Information system security -- Psychology -- Attacks
Database management -- Periodicals
Electronic data processing -- Periodicals
Bases de données -- Gestion -- Périodiques
Informatique -- Périodiques
Database management
Electronic data processing
Periodicals
005.7 - Journal URLs:
- http://www.sciencedirect.com/science/journal/03064379 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.is.2020.101699 ↗
- Languages:
- English
- ISSNs:
- 0306-4379
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4496.367300
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 20100.xml