Abstract
Chat-based Social Engineering (CSE) is widely recognized as a key factor to successful cyber-attacks, especially in small and medium-sized enterprise (SME) environments. Despite the interest in preventing CSE attacks, few studies have considered the specific features of the language used by the attackers. This work contributes to the area of early-stage automated CSE attack recognition by proposing an approach for building and annotating a specific-purpose corpus and presenting its application in the CSE domain. The resulting CSE corpus is then evaluated by training a bi-directional long short-term memory (bi-LSTM) neural network for the purpose of named entity recognition (NER). The results of this study emphasize the importance of adding a plethora of metadata to a dataset to provide critical in-context features and produce a corpus that broadens our understanding of the tactics used by social engineers. The outcomes can be applied to dedicated cyber-defence mechanisms utilized to protect SME employees using Electronic Medium Communication (EMC) software.
Highlights
SMEs remain one of the most popular targets for cyber-attacks
The application of the proposed methodology is presented in the first two sub-sections followed by the presentation of the resulting Chat-based Social Engineering (CSE) corpus
We have presented a methodology to build and annotate a CSE corpus
Summary
SMEs remain one of the most popular targets for cyber-attacks. It is a fact that employees nowadays are extensively using Information and Communication Technologies (ICT) and especially Electronic Medium Communication (EMC) software for almost every aspect of their daily activities. Researchers performed several successful classifications of the social engineering attacks [2,3,4] based on criteria such as the entity involved, the medium used to unleash the attack or the number of steps an attack can take. All these classifications end up in finegrained taxonomies that include different methods of social engineering attacks. Verizon in [5] reports that in 2020 social engineering attacks were at 21%, the first step of every cyber-attack that led to a major data breach. Available online: https: //standards.iso.org/ittf/PubliclyAvailableStandards/c050341_ISO_IEC_15408-1_2009.zip (accessed on 13 July 2021).
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
