Analysis and Defensive Tools for Social-Engineering Attacks on Computer Systems
Loading...
Authors
Laribee, Lena
Barnes, David S.
Rowe, Neil C.
Martell, Craig H.
Subjects
Advisors
Date of Issue
2006-06
Date
June 2006
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
The weakest link in an information-security chain is often the user because people can be manipulated. Attacking computer systems
with information gained from social interactions is one form of social engineering [1]. It can be much easier to do than targeting the
complex technological protections of systems [2]. In an effort to formalize social engineering for cyberspace, we are building models
of trust and attack. Models help in understanding the bewildering number of different tactics that can be employed. Social
engineering attacks can be complex with multiple ploys and targets; our models function as subroutines that are called multiple times
to accomplish attack goals in a coordinated plan. Models enable us to infer good countermeasures to social engineering.
Type
Conference Paper
Description
7th IEEE Workshop on Information Assurance, West Point, New York, June 2006
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Supported in part by NSF under the Cyber Trust Program and by the Chief of Naval Operations
Funder
Format
Citation
7th IEEE Workshop on Information Assurance, West Point, New York, June 2006
Distribution Statement
Approved for public release; distribution is unlimited.