A Risk Analysis Framework for Social Engineering Attack Based on User Profiling

Ziwei Ye, Yuanbo Guo, Ankang Ju, Fushan Wei, Ruijie Zhang, Jun Ma
Copyright: © 2020 | Pages: 13
DOI: 10.4018/JOEUC.2020070104

Abstract

Social engineering attacks are becoming serious threats to cloud services. Social engineering attackers could obtain cloud service customers' private information or attack virtual machine images directly. Existing security analysis instruments have difficulty quantifying social engineering attack risk, resulting in ineffective defense guidance against social engineering attacks. In this article, a risk analysis framework for social engineering attack is proposed based on user profiling. The framework provides a pathway to quantitatively calculate the possibility of being compromised by social engineering attack and the potential loss, so as to effectively complement current security assessment instruments. The frequency of related operations is used to profile and group users for respective risk calculation, and other features such as security awareness and the capability of the protection mechanism are also considered. Finally, examples are given to illustrate how to use the framework in an actual scenario and apply it to security assessment.
Article Preview

Introduction

With the development of cloud security, social engineering attacks have received more and more attention because of their outstanding capability of penetrating cloud services, which is difficult for conventional techniques. However, the awareness of social engineering among cloud service customers and providers is relatively low (Krombholz et al., 2015; Kuyoro et al., 2011). Improving awareness of, and the ability to prevent, social engineering attacks is of great significance for the accuracy of cloud security assessment and for anti-attack capability.

Current research on social engineering attacks consists mainly of classification and qualitative analysis based on known cases. Chandra et al. (2015) treat social engineering attack as a feature of APT and discuss how to deploy a defense system in the cloud. A case is given to show how to run a malicious virtual machine in Amazon EC2 by social engineering (Meer et al., 2009). Some researchers summed up the existing social engineering attack classification achievements (Fooxy et al., 2011) and frequently used social engineering malware (Abraham & Chengalur-Smith, 2010). Mouton et al. (2014) extracted a social engineering attack framework based on Kevin Mitnick's book “The art of deception: Controlling the human element of security” (Mitnick & Simon, 2001). A multi-layered model was presented for assessing possible social engineering exploits (Jaafor & Birregah, 2016). Tayouri (2015) discussed how educational and technological means can be used to reduce the social engineering risk faced by social media users. Sheng et al. (2010) used a role-play survey instrument to assess users' vulnerability to phishing. However, apart from Sheng et al. (2010), there is little quantitative evaluation of the possibility of being compromised by a social engineering attacker and of the potential loss, so it is impossible to compare the risks of social engineering attacks with those of technical attacks that involve no social factors. As a result, social engineering attack risk cannot be taken into account in network security assessment, which has negative effects on network reinforcement.

User profiling is an important application of big data. By adding descriptive tags to users, it can depict users from multiple dimensions and reflect their behaviors, hobbies, jobs, etc. In recent years, user profiling has been widely used in network security research. An automated insider threat detection system was realized with user profiling (Legg et al., 2017). Nurse et al. (2016) studied how to detect online identity falsification. A framework was proposed to analyze users' attributes and recognize accounts belonging to the same user across different social networks (Monika et al., 2016). Since social engineering attack is the exploitation of human weaknesses, and the object of user profiling is also human, a user model built by user profiling can reveal the possible social engineering attack surface. This is more pertinent than techniques whose objects are networks or computers.

To address the problem that existing network security assessment techniques cannot quantify the risk of social engineering attack, the authors present a risk analysis framework for social engineering attack based on user profiling. By extracting the relevant features, the possibility of being compromised and the potential loss caused by social engineering attack can be quantified. The framework can be applied to various network security assessment instruments to optimize their results and to guide the deployment of protection mechanisms against social engineering attack.
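As an added illustration of the pathway the abstract describes (not the paper's own model or code), the following Python sketch profiles users by the weekly frequency of risk-relevant operations, groups them by that frequency, and combines security awareness and protection-mechanism capability into a possibility of compromise and an expected loss. The operation types, the malicious-share constant, the protection capabilities, the success model and the three sample users are all assumptions made for the example.

```python
"""Illustrative risk calculation driven by user profiling (hypothetical model, not the paper's)."""
from dataclasses import dataclass

@dataclass
class UserProfile:
    name: str
    ops_per_week: dict    # profiling feature: frequency of risk-relevant operations
    awareness: float      # security awareness on an assumed 0..1 scale
    asset_value: float    # estimated loss if this user is compromised

MALICIOUS_SHARE = 0.05  # assumed share of each operation type that is attacker-initiated
# Assumed capability of the protection mechanism per operation: share of attempts blocked.
PROTECTION = {"open_external_mail": 0.5, "click_unknown_link": 0.6, "run_attachment": 0.8}
# Constructed sample profiles; values are made up for the illustration.
USERS = [
    UserProfile("alice", {"open_external_mail": 20, "click_unknown_link": 2}, 0.8, 50_000),
    UserProfile("bob", {"open_external_mail": 5, "click_unknown_link": 5, "run_attachment": 3}, 0.3, 20_000),
    UserProfile("carol", {"open_external_mail": 3}, 0.9, 5_000),
]

def exposure(user):
    """Total weekly frequency of risk-relevant operations: the grouping feature."""
    return sum(user.ops_per_week.values())

def risk_group(user, low=10, high=20):
    """Group users by operation frequency so each group's risk is assessed separately."""
    e = exposure(user)
    return "low" if e < low else "medium" if e < high else "high"

def compromise_probability(user, protection=PROTECTION, share=MALICIOUS_SHARE):
    """Probability of at least one successful attempt per week: every operation is an
    opportunity, and an attacker-initiated one succeeds only if awareness and the
    protection mechanism both fail to stop it."""
    survive = 1.0
    for op, freq in user.ops_per_week.items():
        per_attempt = share * (1 - user.awareness) * (1 - protection.get(op, 0.0))
        survive *= (1 - per_attempt) ** freq
    return 1 - survive

def expected_loss(user):
    """Risk as possibility of compromise times potential loss."""
    return compromise_probability(user) * user.asset_value

def rank_users(users):
    """(name, group, probability, expected loss) rows, highest expected loss first."""
    rows = [(u.name, risk_group(u), compromise_probability(u), expected_loss(u)) for u in users]
    return sorted(rows, key=lambda r: r[3], reverse=True)
```

With these inputs bob has the higher possibility of compromise but alice the higher expected loss, which is the kind of distinction the framework is meant to surface for a security assessment.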
