Skip navigation

An eye for deception: a case study in utilising the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks

An eye for deception: a case study in utilising the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks

Heartfield, Ryan, Loukas, George and Gan, Diane (2017) An eye for deception: a case study in utilising the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks. In: Software Engineering Research, Management and Applications, 7-9 June 2017, University of Greenwich. (In Press)

[img]
Preview
PDF (Author Accepted Manuscript)
16703 HEARTFIELD_Eye_for_Deception_2017.pdf - Accepted Version

Download (947kB) | Preview

Abstract

In a number of information security scenarios, human beings can be better than technical security measures at detecting threats. This is particularly the case when a threat is based on deception of the user rather than exploitation of a specific technical flaw, as is the case of spear-phishing, application spoofing, multimedia masquerading and other semantic social engineering attacks. Here, we put the concept of the humanas-
a-security-sensor to the test with a first case study on a small number of participants subjected to different attacks in a controlled laboratory environment and provided with a mechanism to report these attacks if they spot them. A key challenge is to estimate the reliability of each report, which we address with a machine learning approach. For comparison, we evaluate the ability of known technical security countermeasures in detecting the same threats. This initial proof of concept study shows that the concept is viable.

Item Type: Conference or Conference Paper (Paper)
Uncontrolled Keywords: Human-as-a-Sensor; Social engineering; Semantic attacks; Cyber security
Subjects: Q Science > QA Mathematics
Faculty / Department / Research Group: Faculty of Architecture, Computing & Humanities
Faculty of Architecture, Computing & Humanities > Computer Security, Audit, Forensics & Education (C-SAFE) Centre
Faculty of Architecture, Computing & Humanities > Department of Computing & Information Systems
Related URLs:
Last Modified: 27 Apr 2017 15:33
Selected for GREAT 2016: None
Selected for GREAT 2017: None
Selected for GREAT 2018: None
URI: http://gala.gre.ac.uk/id/eprint/16703

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics