Naučno-tehničeskij Vestnik Informacionnyh Tehnologij, Mehaniki i Optiki (Mar 2018)
ANALYSIS OF USERS’ PROTECTION FROM SOCIO-ENGINEERING ATTACKS: SOCIAL GRAPH CREATION BASED ON INFORMATION FROM SOCIAL NETWORK WEBSITES
Abstract
Subject of Research. The paper deals with accounts on social network websites as a source of information about the intensity of communication between employees in a team. On their basis we form success probability estimates for the spread of a malefactor's socio-engineering attack on the user. Scope of Research. The research goal is to build a success assessment for a malefactor's multi-pass socio-engineering attack on the user, based on information obtained from the accounts of company employees on social network websites that characterizes the communication intensity between them. The research is aimed at developing models and algorithms for socio-engineering attack spreading on the collapsed social graph of the company, and at describing methods for calculating security estimates for information system users against multi-pass socio-engineering attacks, that is, attacks where the target and the entry point do not match. Method. Methods are used for searching, comparing and analyzing information that characterizes communication intensity between company employees and data extracted from their accounts on social network websites. The success probability estimate of a multi-pass socio-engineering attack reduces to estimating the probability of a complex event. Main Results. A formula is presented for calculating probability estimates of socio-engineering attack propagation between users. The estimates obtained in this way are matched to the arcs in the company's social graph, which is used in turn to assess the success probability of a multi-pass socio-engineering attack, that is, an attack passing through a chain of users. In earlier studies, the probability estimates were set by experts. The advantages of automating the calculation of probability estimates based on data received from social network websites are described.
Research Novelty. The paper considers approaches to probabilistic estimates of multi-pass socio-engineering attack success, where attacks are intermediate, non-direct, and non-reducible to a single malefactor act. These estimates take into account a user's links in his or her social graph; the parameters of those links are based on data obtained from social media/networks. Practical Relevance. The approach proposed in this paper provides the basis for further analysis of possible propagation trajectories of multi-pass social engineering attacks, as well as for calculating the probability of each such trajectory, which in turn helps to expand the number of factors affecting the security evaluation of information system users, and makes it possible to set the backtracking task for attacks in one of the successful forms for finding solutions.
Keywords