survey

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

Published: 09 December 2015

Abstract

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware, to name a few. This article presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.

[183]
I. Burke, W. A. Labuschagne, N. Veerasamy, and M. M. Eloff. 2011. Design of cyber security awareness game utilizing a social media framework. In Information Security South Africa (ISSA). IEEE.
[184]
Webroot. 2013. Webroot Real-Time Anti-Phishing Service. Retrieved from http://www.webroot.com/shared/pdf/WAP-Anti-Phishing-102013.pdf.
[185]
G. Xiang, J. Hong, C. P. Rose, and L. Cranor. 2011. CANTINA+: A feature-rich machine learning framework for detecting phishing web sites. ACM Transactions on Information and System Security (TISSEC) 14, 2, Article 21.
[186]
H. Xiao and B. Zhao. 2013. Analysis on sandbox technology of adobe reader X. In Proceedings of the 5th International Conference on Computational and Information Sciences (ICCIS’13). IEEE.
[187]
K. P. Yee. 2005. Guidelines and Strategies for Secure Interaction Design. Chapter 13, 247--273. Retrieved from http://sid.toolness.org/ch13yee.pdf.


    Reviews

    Eduardo B. Fernandez

    Social engineering attacks include a large variety of ways to manipulate and deceive users. A specific type is semantic attacks that deceive rather than directly attack a user. We find here a taxonomy and description of semantic attacks indicating possible defenses. The taxonomy is based on analyzing how an attack handles the three distinct stages of an attack: orchestration, exploitation, and execution. These are well-chosen subgroups that provide a clear picture about the nature of the attacks and allow grouping of all the known attacks of this type. A more general (in scope) threat classification uses threat patterns providing detailed descriptions of how the attacks reach their goals, and it is complementary to the one given here. Four examples illustrate the classification, followed by a table describing 30 attacks that have been found on the web. This is followed by a discussion of defense mechanisms, consisting of organizational and technical aspects. An attack and defense matrix summarizes this information, providing a mapping of defenses against semantic attacks. The paper ends with a section indicating open problems. Overall, this is a very useful paper that provides a clear perspective of what we know about semantic attacks and what we need to study further. Because semantic attacks have many aspects in common with other types of attacks, this paper is highly recommended for anybody doing research on security threats as well as for architects and developers who have to build or evaluate secure systems.

    Online Computing Reviews Service


    Published In

    ACM Computing Surveys, Volume 48, Issue 3
    February 2016
    619 pages
    ISSN: 0360-0300
    EISSN: 1557-7341
    DOI: 10.1145/2856149
    Editor: Sartaj Sahni
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 09 December 2015
    Accepted: 01 September 2015
    Revised: 01 September 2015
    Received: 01 September 2014
    Published in CSUR Volume 48, Issue 3


    Author Tags

    1. Computer crime
    2. semantic attacks
    3. social engineering attacks
    4. survey

    Qualifiers

    • Survey
    • Research
    • Refereed

    Article Metrics

    • Downloads (Last 12 months): 300
    • Downloads (Last 6 weeks): 15
    Reflects downloads up to 12 Sep 2024

    Cited By

    • (2024) Advancing Email Spam Classification using Machine Learning and Deep Learning Techniques. Engineering, Technology & Applied Science Research 14:4 (14994-15001). DOI: 10.48084/etasr.7631. Online publication date: 2-Aug-2024
    • (2024) Secure Internet Financial Transactions: A Framework Integrating Multi-Factor Authentication and Machine Learning. AI 5:1 (177-194). DOI: 10.3390/ai5010010. Online publication date: 10-Jan-2024
    • (2024) REVIEW ON SOCIAL ENGINEERING ATTACKS AND DEFENSE MECHANISMS. ShodhKosh: Journal of Visual and Performing Arts 5:5. DOI: 10.29121/shodhkosh.v5.i5.2024.1887. Online publication date: 31-May-2024
    • (2024) Combating Phishing in the Age of Fake News: A Novel Approach with Text-to-Text Transfer Transformer. Proceedings of the 1st Workshop on Security-Centric Strategies for Combating Information Disorder (1-7). DOI: 10.1145/3660512.3665523. Online publication date: 1-Jul-2024
    • (2024) Cognition in Social Engineering Empirical Research: A Systematic Literature Review. ACM Transactions on Computer-Human Interaction 31:2 (1-55). DOI: 10.1145/3635149. Online publication date: 29-Jan-2024
    • (2024) Reconstructing images with attention generative adversarial network against adversarial attacks. Journal of Electronic Imaging 33:03. DOI: 10.1117/1.JEI.33.3.033029. Online publication date: 1-May-2024
    • (2024) A Systematic Review of Social Engineering Attacks & Techniques: The Past, Present, and Future. 2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG) (1-12). DOI: 10.1109/SEB4SDG60871.2024.10629836. Online publication date: 2-Apr-2024
    • (2024) URL and Domain Obfuscation Techniques - Prevalence and Trends Observed on Phishing Data. 2024 IEEE 22nd World Symposium on Applied Machine Intelligence and Informatics (SAMI) (000283-000290). DOI: 10.1109/SAMI60510.2024.10432841. Online publication date: 25-Jan-2024
    • (2024) Internet-Based Social Engineering Psychology, Attacks, and Defenses: A Survey. Proceedings of the IEEE 112:3 (210-246). DOI: 10.1109/JPROC.2024.3379855. Online publication date: Mar-2024
    • (2024) “Hey Players, there is a problem…”: On Attribute Inference Attacks against Videogamers. 2024 IEEE Conference on Games (CoG) (1-8). DOI: 10.1109/CoG60054.2024.10645677. Online publication date: 5-Aug-2024
