dc.contributor.author |
Mouton, Francois
|
|
dc.contributor.author |
Nottingham, Alastair
|
|
dc.contributor.author |
Leenen, Louise
|
|
dc.contributor.author |
Venter, H.S. (Hein)
|
|
dc.date.accessioned |
2019-03-04T09:54:41Z |
|
dc.date.available |
2019-03-04T09:54:41Z |
|
dc.date.issued |
2018-06 |
|
dc.description |
Based on: “Underlying Finite State Machine for the Social Engineering Attack Detection Model”, by F. Mouton, A. Nottingham, L. Leenen and H.S. Venter which
appeared in the Proceedings of Information Security South African (ISSA) 2017, Johannesburg, 16 & 17 August 2017. |
en_ZA |
dc.description.abstract |
Information security is a fast-growing discipline, and relies on continued improvement of
security measures to protect sensitive information. Human operators are one of the weakest links in the
security chain as they are highly susceptible to manipulation. A social engineering attack targets this
weakness by using various manipulation techniques to elicit individuals to perform sensitive requests.
The field of social engineering is still in its infancy with respect to formal definitions, attack frameworks,
and examples of attacks and detection models. In order to formally address social engineering
in a broad context, this paper proposes the underlying abstract finite state machine of the Social
Engineering Attack Detection Model (SEADM). The model has been shown to successfully thwart
social engineering attacks utilising either bidirectional communication, unidirectional communication
or indirect communication. Proposing and exploring the underlying finite state machine of the model
allows one to have a clearer overview of the mental processing performed within the model. While
the current model provides a general procedural template for implementing detection mechanisms for
social engineering attacks, the finite state machine provides a more abstract and extensible model that
highlights the inter-connections between task categories associated with different scenarios. The finite
state machine is intended to help facilitate the incorporation of organisation specific extensions by
grouping similar activities into distinct categories, subdivided into one or more states. The finite state
machine is then verified by applying it to representative social engineering attack scenarios from all
three streams of possible communication. This verifies that all the capabilities of the SEADM are kept
in tact, whilst being improved, by the proposed finite state machine. |
en_ZA |
dc.description.department |
Computer Science |
en_ZA |
dc.description.librarian |
am2019 |
en_ZA |
dc.description.uri |
http://www.saiee.org.za/DirectoryDisplay/DirectoryCMSPages.aspx?name=Publications#id=1588&dirname=ARJ&dirid=337 |
en_ZA |
dc.identifier.citation |
Mouton, F., Nottingham, A., Leenen, L. et al. 2018, 'Finite state machine for the social engineering attack detection model : SEADM', SAIEE Africa Research Journal, vol. 109, no. 2, pp. 133-147. |
en_ZA |
dc.identifier.issn |
1991-1696 |
|
dc.identifier.uri |
http://hdl.handle.net/2263/68547 |
|
dc.language.iso |
en |
en_ZA |
dc.publisher |
South African Institute of Electrical Engineers |
en_ZA |
dc.rights |
© 2018 South African Institute of Electrical Engineers |
en_ZA |
dc.subject |
Bidirectional communication |
en_ZA |
dc.subject |
Finite state machine |
en_ZA |
dc.subject |
Indirect communication |
en_ZA |
dc.subject |
Social engineering |
en_ZA |
dc.subject |
Social engineering attack examples |
en_ZA |
dc.subject |
Social engineering attack detection model |
en_ZA |
dc.subject |
Social engineering attack framework |
en_ZA |
dc.subject |
Unidirectional communication |
en_ZA |
dc.subject |
Security of data |
en_ZA |
dc.subject |
Sensitive information |
en_ZA |
dc.subject |
Manipulation techniques |
en_ZA |
dc.subject |
Formal definition |
en_ZA |
dc.subject |
Detection mechanism |
en_ZA |
dc.subject |
Attack detection |
en_ZA |
dc.subject |
Finite automata |
en_ZA |
dc.title |
Finite state machine for the social engineering attack detection model : SEADM |
en_ZA |
dc.type |
Article |
en_ZA |