Heartfield, Ryan and Loukas, George ORCID: 0000-0003-3559-5182 (2016) A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks. ACM Computing Surveys (CSUR), 48 (3):37. ISSN 0360-0300 (Print), 1557-7341 (Online) (doi:https://doi.org/10.1145/2835375)

Preview

PDF (Author's Accepted Manuscript) 15016_Loukas_A taxonomy of attacks (AAM) 2015.pdf - Accepted Version Download (1MB) | Preview

Abstract

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed web- sites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.

Item Type:	Article
Uncontrolled Keywords:	Semantic social engineering, phishing, security
Faculty / School / Research Centre / Research Group:	Faculty of Engineering & Science > Internet of Things and Security Research Centre (ISEC) Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS) Faculty of Engineering & Science
Last Modified:	04 Mar 2022 13:07
URI:	http://gala.gre.ac.uk/id/eprint/15016

Actions (login required)

View Item

Downloads