An eye for deception: A case study in utilizing the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks
Tools
Tools
Heartfield, Ryan, Loukas, George 
ORCID: 0000-0003-3559-5182 and Gan, Diane ORCID: 0000-0002-0920-7572
(2017)
An eye for deception: A case study in utilizing the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks.
In: 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA).
IEEE.
ISBN 978-1-5090-5757-3
(doi:https://doi.org/10.1109/SERA.2017.7965754)
|
PDF (Author Accepted Manuscript)
16703 HEARTFIELD_Eye_for_Deception_2017.pdf - Accepted Version Download (947kB) | Preview |
Abstract
In a number of information security scenarios, human beings can be better than technical security measures at detecting threats. This is particularly the case when a threat is based on deception of the user rather than exploitation of a specific technical flaw, as is the case of spear-phishing, application spoofing, multimedia masquerading and other semantic social engineering attacks. Here, we put the concept of the humanas-a-security-sensor to the test with a first case study on a small number of participants subjected to different attacks in a controlled laboratory environment and provided with a mechanism to report these attacks if they spot them. A key challenge is to estimate the reliability of each report, which we address with a machine learning approach. For comparison, we evaluate the ability of known technical security countermeasures in detecting the same threats. This initial proof of concept study shows that the concept is viable.
| Item Type: | Conference Proceedings |
|---|---|
| Title of Proceedings: | 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA) |
| Additional Information: | Conference held from 7-9 June 2017, London, UK. |
| Uncontrolled Keywords: | Human-as-a-Sensor; Social engineering; Semantic attacks; Cyber security |
| Subjects: | Q Science > QA Mathematics |
| Faculty / Department / Research Group: | Faculty of Liberal Arts & Sciences Faculty of Liberal Arts & Sciences > Internet of Things and Security (ISEC) Faculty of Liberal Arts & Sciences > School of Computing & Mathematical Sciences (CAM) |
| Related URLs: | |
| Last Modified: | 26 Nov 2020 22:34 |
| Selected for GREAT 2016: | None |
| Selected for GREAT 2017: | None |
| Selected for GREAT 2018: | None |
| Selected for GREAT 2019: | None |
| Selected for REF2021: | None |
| URI: | http://gala.gre.ac.uk/id/eprint/16703 |
Actions (login required)
 |
View Item |
Downloads
Downloads per month over past year