Abstract

Social engineering is an attack that aims to manipulate a dupe into divulging sensitive information or taking actions that help the adversary bypass the security perimeter in front of information-related resources, so that the attacker's goals can be completed. Although a number of security tools, such as firewalls and intrusion detection systems, are used to protect machines from attack, a widely accepted mechanism to protect the dupe from fraud is lacking. Yet the human element is often the weakest link in an information security chain, especially in a human-centered environment. In this paper, we reveal that human psychological weaknesses result in the main vulnerabilities that can be exploited by social engineering attacks. We also capture two essential levels, the internal characteristics of human nature and external circumstance influences, to explore the root cause of the human weaknesses. We show that the internal characteristics of human nature can be converted into weaknesses by external circumstance influences, and we therefore propose the I-E based model of human weakness for social engineering investigation. Based on this model, we analyze the vulnerabilities exploited by different social engineering techniques and conclude with several defense approaches to fix the human weaknesses. This work can help security researchers gain insight into social engineering from a different perspective and, in particular, enhance current and future research on social engineering defense mechanisms.

Highlights

  • Information security and privacy are very important to personal assets, corporate properties, and even state secrets, which across the globe are facing various hacking threats

  • We revisited the overview of social engineering attacks and identified the root problem, i.e. the human weakness

  • We captured two essential levels - internal characteristics of human nature and external circumstance influences - that shape the human weakness for social engineering


Summary

INTRODUCTION

Information security and privacy are very important to personal assets, corporate properties, and even state secrets, which across the globe are facing various hacking threats. Owing to the intelligence of the blackhat community, there are many hacking techniques, such as buffer overflow, SQL injection and cross-site scripting (XSS), that can be used to attack computer systems and access sensitive information [3]. These attacks depend on exploiting vulnerabilities in software systems, which can be addressed by timely system updates and by supplementing the production system with security tools such as firewalls and intrusion detection systems (IDS). The remainder of this paper is organized as follows: section 2 reviews the related work; section 3 provides an overview of social engineering to identify the importance of human weakness; section 4 proposes a novel I-E based model of human weakness; section 5 analyzes the SE attack techniques in terms of the I-E based model; section 6 suggests some SE defense measures; section 7 concludes.

Social Engineering Taxonomies
Social Engineering Conceptual Models
AN OVERVIEW OF SOCIAL ENGINEERING ATTACK
I-E BASED MODEL OF HUMAN WEAKNESS
Internal Characteristics of Human Nature
External Circumstance Influences
Descriptions of Techniques
Analysis of techniques
DEFENSE MEASURES
Objective Defense Measures
Subjective Defense Measures
Findings
CONCLUSIONS