Research of the aviation personnel vulnerability profile to social engineering attacks

A. K. Volkov; A. K. Volkov; L. I. Frolova

doi:10.26467/2079-0619-2020-23-2-20-32

Научный вестник МГТУ ГА (Apr 2020)

Research of the aviation personnel vulnerability profile to social engineering attacks

A. K. Volkov,
A. K. Volkov,
L. I. Frolova

Affiliations

A. K. Volkov: Ulyanovsk Institute of Civil Aviation named after Air Chief Marshal B.P.Bugaev
A. K. Volkov: Ulyanovsk Institute of Civil Aviation named after Air Chief Marshal B.P.Bugaev
L. I. Frolova: Ulyanovsk Institute of Civil Aviation named after Air Chief Marshal B.P.Bugaev

DOI: https://doi.org/10.26467/2079-0619-2020-23-2-20-32
Journal volume & issue: Vol. 23, no. 2
pp. 20 – 32

Abstract

Read online

In conditions of strengthening the informational component of aviation activity, the task of ensuring aviation cybersecurity becomes extremely urgent. Currently, a regulatory framework is being developed that regulates activities in this area, both on the part of the International Civil Aviation Organization and at the Russian Federation level. In the complex of aviation cybersecurity threats, which include deliberate attacks, errors of third-party companies, system errors, natural phenomena, the human factor occupies an important place. In this work, this negative phenomenon is considered from the point of view of the aviation personnel vulnerability to social engineering attacks. Such type of attack by an attacker involves a set of applied psychological and analytical techniques that facilitate the receipt of confidential information or the violation of information security rules by legitimate company employees. The existing approach to building a profile of user vulnerabilities to social engineering attacks involves a series of psychological tests, the results of which are used to predict the user vulnerability through its psychological characteristics. In this work a slightly different task is posed, the main idea is to restore the vulnerability profile of aviation personnel from activity data in a social network. This is due to the fact that studying the user profile of a social network will more quickly solve the problem of choosing the most vulnerable employee for a particular type of social engineering attack and introduce preventive measures. The research was conducted on the basis of JSC «Surgut International Airport». 36 aviation security inspectors were selected as the respondents. Empirical data have been obtained including profiles of social network user profiles and a number of psychological tests. Using factor analysis the problem of reducing dimensionality and choosing the most informative indicators characterizing the activity of a social network user has been solved. A discriminant model that allows predicting the vulnerability profile of personnel according to the social network has been developed. Possible types of social engineering attacks on aviation personnel are presented.

Published in Научный вестник МГТУ ГА

ISSN: 2079-0619 (Print); 2542-0119 (Online)
Publisher: Moscow State Technical University of Civil Aviation
Country of publisher: Russian Federation
LCC subjects: Technology: Motor vehicles. Aeronautics. Astronautics
Website: http://avia.mstuca.ru

About the journal

Abstract

Keywords