A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks
Heartfield, Ryan and Loukas, George ORCID: 0000-0003-3559-5182 (2016) A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks. ACM Computing Surveys (CSUR), 48 (3):37. ISSN 0360-0300 (Print), 1557-7341 (Online) (doi:https://doi.org/10.1145/2835375)
|
PDF (Author's Accepted Manuscript)
15016_Loukas_A taxonomy of attacks (AAM) 2015.pdf - Accepted Version Download (1MB) | Preview |
Abstract
Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed web- sites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Semantic social engineering, phishing, security |
Faculty / School / Research Centre / Research Group: | Faculty of Engineering & Science > Internet of Things and Security Research Centre (ISEC) Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS) Faculty of Engineering & Science |
Last Modified: | 04 Mar 2022 13:07 |
URI: | http://gala.gre.ac.uk/id/eprint/15016 |
Actions (login required)
View Item |
Downloads
Downloads per month over past year