Social Engineering in Cybersecurity: a Domain Ontology and Knowledge Graph Application Examples Zuoguang Wang1,2* , Hongsong Zhu1,2* ,Peipeiliu1,2 and Limin Sun1,2

Social Engineering in Cybersecurity: a Domain Ontology and Knowledge Graph Application Examples Zuoguang Wang1,2* , Hongsong Zhu1,2* ,Peipeiliu1,2 and Limin Sun1,2

Wang et al. Cybersecurity (2021) 4:31 Cybersecurity https://doi.org/10.1186/s42400-021-00094-6 RESEARCH Open Access Social engineering in cybersecurity: a domain ontology and knowledge graph application examples Zuoguang Wang1,2* , Hongsong Zhu1,2* ,PeipeiLiu1,2 and Limin Sun1,2 Abstract Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks. Keywords: Social engineering attack, Cyber security, Ontology, Knowledge graph, Attack scenarios, Threat analysis, Attack path, Attack model, Taxonomy, Composition and structure Introduction (Wang et al. 2020). Many distinctive features make social In the context of cybersecurity, social engineering engineering to be a quite popular attack in hacker commu- describes a type of attack in which the attacker exploit nity and a serious, universal and persistent threat to cyber human vulnerabilities (by means such as influence, per- security. 1) Compared to classical attacks such as pass- suasion, deception, manipulation and inducing) to breach word cracking by brute-force and software vulnerabilities the security goals (such as confidentiality, integrity, avail- exploit, social engineering exploits human vulnerabili- ability, controllability and auditability) of cyberspace ele- ties to bypass or break through security barriers, without ments (such as infrastructure, data, resource, user and having to combat with firewall or antivirus software by operation). Succinctly, social engineering is a type of deep coding. 2) For some attack scenarios, social engi- attack wherein the attacker exploit human vulnerability neering can be as simple as making a phone call and through social interaction to breach cyberspace security impersonating an insider to elicit the classified informa- tion. 3) Especially in past decades when defense mainly *Correspondence: [email protected]; [email protected] focus on the digital domain yet overlooks human fac- 1School of Cyber Security, University of Chinese Academy of Sciences, Beijing tors in security. As the development of security technol- 100049, China ogy, classical attacks become harder and more and more 2Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences (CAS), Beijing 100093, attackers turn to social engineering. 4) Human vulner- China abilities seem inevitable, after all, there is not a cyber © The Author(s). 2021 Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/. Wang et al. Cybersecurity (2021) 4:31 Page 2 of 21 system doesn’t rely on humans or involve human fac- Thus, we propose a domain ontology of social engi- tors on earth and these human factors are vulnerable neering to understand, analyze, reuse and share domain obviously or can be largely turned into security vulnera- knowledgeofsocialengineering. bilities by skilled attackers. Moreover, social engineering Organization: “Methodology to develop domain onto- threat is increasingly serious along with its evolution in logy” section describes the background material and new technical and cyber environment. Social engineer- methodology to develop domain ontology. “Material and ing gets not only large amounts of sensitive information ontology implementation” section presents the material about people, network and devices but also more attack and ontology implementation. “Result: domain ontology channels with the wide applications of Social Networking of social engineering in cybersecurity”sectionisthe Sites (SNSs), Internet of Things (IoT), Industrial Inter- result: domain ontology of social engineering in cyber- net, mobile communication and wearable devices. And security. “Evaluation: knowledge graph application exam- large part of above information is open source, which sim- ples” section is the evaluation and application of the ontol- plifies the information gathering for social engineering. ogy and knowledge graph. “Discussion”sectionisthe Social engineering becomes more efficient and automated discussion. “Conclusion” section concludes the paper. by technology such as machine learning and artificial intelligence. As a result, a large group of targets can be reached and specific victims can be carefully selected to Methodology to develop domain ontology craft more creditable attack. The spread of social engi- Thereisnosinglecorrectwayormethodologyfordevel- neering tools decrease the threat threshold. Loose office oping ontologies (Noy and McGuinness 2001). Since policy (bring your own device, remote office, etc.) leads to ontology design is a creative process and many factors the weakening of area-isolation of different security levels will affect the design choices, such as the potential appli- and creates more attack opportunities. Targeted, large- cations of the ontology, the designer’s understanding and scale, robotic, automated and advanced social engineering view of the domain, different domain features, antici- attack is becoming possible (Wang et al. 2020). pations of the ontology to be more intuitive, general, To protect against social engineering, the fundamen- detailed, extensible and / or maintainable. tal work is to know what social engineering is, what In this paper, we design the methodology to develop entities significantly constitute or affect social engineer- domain ontology of social engineering based on the ing and how these entities relate to each other. Study method reported in work (Noy and McGuinness 2001) (Wang et al. 2020) proposed a definition of social engi- with some modification. Protégé 5.5.0 (Musen and Pro- neering in cybersecurity based on systematically con- tégé Team 2015) is used to edit and implement the ontol- ceptual evolution analysis. Yet only the definition is not ogy. It should be noted that "entity" in real word are enough to get insight into all the issue above, and fur- described as "concept" in ontology and "class" in Protégé; ther, to server as a tool for analyzing social engineer- "relation" is described as "object property" in Protégé. The ing attack scenarios or incidents and providing a formal, methodology is described as Fig. 1. explicit, reusable knowledge schema of social engineering domain. Ontology is a term comes from philosophy to describe the existence of beings in the world and adopted in infor- matics, semantic web, knowledge engineering and Arti- ficial Intelligence (AI) fields, in which an ontology is a formal, explicit description of knowledge as a set of con- cepts within a domain and the relationships among them (i.e. what entities exist in a domain and how they related). It defines a common vocabulary for researchers who need to share information and includes definitions of basic con- cepts in the domain and their relations (Noy and McGuin- ness 2001). In an ontology, semantic information and components such as concept, object, relation, attribute, constraints and axiom are encoded or formally specified, by which an ontology is machine-readable and has capac- ity for reasoning. In this way, ontology not only introduce a formal, explicit, shareable and reusable knowledge rep- resentation but also can add new knowledge about the Fig. 1 Overview of methodology to develop domain ontology of social engineering domain. Wang et al. Cybersecurity (2021) 4:31 Page 3 of 21 (1) Determine the domain, purpose and scope. (a.k.a. social engineer) is the party to conduct social engi- As described before, the domain of the ontology is neering attack; it can be an individual

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    21 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us