Social Engineering Attack Classifications on Social Media Using Deep Learning

In defense-in-depth,humans have always been the weakest link in cybersecurity.However,unlike common threats,social engineering poses vulnerabilities not directly quantifiable in penetration testing.Most skilled social engineers trick users into giving up information voluntarily through attacks like phishing and adware.Social Engineering(SE)in social media is structurally similar to regular posts but contains malicious intrinsic meaning within the sentence semantic.In this paper,a novel SE model is trained using a Recurrent Neural Network Long Short Term Memory(RNN-LSTM)to identify well-disguised SE threats in social media posts.We use a custom dataset crawled from hundreds of corporate and personal Facebook posts.First,the social engineering attack detection pipeline(SEAD)is designed to filter out social posts with malicious intents using domain heuristics.Next,each social media post is tokenized into sentences and then analyzed with a sentiment analyzer before being labelled as an anomaly or normal training data.Then,we train an RNN-LSTM model to detect five types of social engineering attacks that potentially contain signs of information gathering.The experimental result showed that the Social Engineering Attack(SEA)model achieves 0.84 in classification precision and 0.81 in recall compared to the ground truth labeled by network experts.The experimental results showed that the semantics and linguistics similarities are an effective indicator for early detection of SEA.

Social Engineering Attack-Defense Strategies Based on Reinforcement Learning

Social engineering attacks are considered one of the most hazardous cyberattacks in cybersecurity,as human vulnerabilities are often the weakest link in the entire network.Such vulnerabilities are becoming increasingly susceptible to network security risks.Addressing the social engineering attack defense problem has been the focus of many studies.However,two main challenges hinder its successful resolution.Firstly,the vulnerabilities in social engineering attacks are unique due to multistage attacks,leading to incorrect social engineering defense strategies.Secondly,social engineering attacks are real-time,and the defense strategy algorithms based on gaming or reinforcement learning are too complex to make rapid decisions.This paper proposes a multiattribute quantitative incentive method based on human vulnerability and an improved Q-learning(IQL)reinforcement learning method on human vulnerability attributes.The proposed algorithm aims to address the two main challenges in social engineering attack defense by using a multiattribute incentive method based on human vulnerability to determine the optimal defense strategy.Furthermore,the IQL reinforcement learning method facilitates rapid decision-making during real-time attacks.The experimental results demonstrate that the proposed algorithm outperforms the traditional Qlearning(QL)and deep Q-network(DQN)approaches in terms of time efficiency,taking 9.1%and 19.4%less time,respectively.Moreover,the proposed algorithm effectively addresses the non-uniformity of vulnerabilities in social engineering attacks and provides a reliable defense strategy based on human vulnerability attributes.This study contributes to advancing social engineering attack defense by introducing an effective and efficient method for addressing the vulnerabilities of human factors in the cybersecurity domain.

Detecting Phishing Using a Multi-Layered Social Engineering Framework

As businesses develop and expand with a significant volume of data,data protection and privacy become increasingly important.Research has shown a tremendous increase in phishing activities during and after COVID-19.This research aimed to improve the existing approaches to detecting phishing activities on the internet.We designed a multi-layered phish detection algorithm to detect and prevent phishing applications on the internet using URLs.In the algorithm,we considered technical dimensions of phishing attack prevention and mitigation on the internet.In our approach,we merge,Phishtank,Blacklist,Blocklist,and Whitelist to form our framework.A web application system and browser extension were developed to implement the algorithm.The multi-layer phish detector evaluated ten thousandURLs gathered randomly from the internet(five thousand phishing and five thousand legitimate URLs).The system was estimated to detect levels of accuracy,true-positive and false-positive values.The system level accuracy was recorded to be 98.16%.Approximately 49.6%of the websites were detected as illegitimate,whilst 49.8%were seen as legitimate.

Systematic Review on Social Engineering: Hacking by Manipulating Humans

Despite the availability of advanced security software and hardware mechanisms available, still, there has been a breach in the defence system of an organization or individual. Social engineering mostly targets the weakest link in the security system i.e. “Humans” for gaining access to sensitive information by manipulating human psychology. Social engineering attacks are arduous to defend as such attacks are not easily detected by available security software or hardware. This article surveys recent studies on social engineering attacks with discussion on the social engineering phases and categorizing the various attacks into two groups. The main aim of this survey is to examine the various social engineering attacks on individuals and countermeasures against social engineering attacks are also discussed.

The Role of Social Engineering in Cybersecurity and Its Impact

An attacker has several options for breaking through an organization’s information security protections. Human factors are determined to be the source of some of the worst cyber-attacks every day in every business. The human method, often known as “social engineering”, is the hardest to cope with. This paper examines many types of social engineering. The aim of this study was to ascertain the level of awareness of social engineering, provide appropriate solutions to problems to reduce those engineering risks, and avoid obstacles that could prevent increasing awareness of the dangers of social engineering—Shaqra University (Kingdom of Saudi Arabia). A questionnaire was developed and surveyed 508 employees working at different organizations. The overall Cronbach’s alpha was 0.756, which very good value, the correlation coefficient between each of the items is statistically significant at 0.01 level. The study showed that 63.4% of the surveyed sample had no idea about social engineering. 67.3% of the total samples had no idea about social engineering threats. 42.1% have a weak knowledge of social engineering and only 7.5% of the sample had a good knowledge of social engineering. 64.7% of the male did not know what social engineering is. 68.0% of the administrators did not know what social engineering is. Employees who did not take courses showed statistically significant differences.

Social engineering in cybersecurity:a domain ontology and knowledge graph application examples

Social engineering has posed a serious threat to cyberspace security.To protect against social engineering attacks,a fundamental work is to know what constitutes social engineering.This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application.The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain,together with 22 kinds of relations describing how these entities related to each other.It provides a formal and explicit knowledge schema to understand,analyze,reuse and share domain knowledge of social engineering.Furthermore,this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios.7 knowledge graph application examples(in 6 analysis patterns)demonstrate that the ontology together with knowledge graph is useful to 1)understand and analyze social engineering attack scenario and incident,2)find the top ranked social engineering threat elements(e.g.the most exploited human vulnerabilities and most used attack mediums),3)find potential social engineering threats to victims,4)find potential targets for social engineering attackers,5)find potential attack paths from specific attacker to specific target,and 6)analyze the same origin attacks.

Predicting individuals’vulnerability to social engineering in social networks

The popularity of social networking sites has attracted billions of users to engage and share their information on these networks.The vast amount of circulating data and information expose these networks to several security risks.Social engineering is one of the most common types of threat that may face social network users.Training and increasing users’awareness of such threats is essential for maintaining continuous and safe use of social networking services.Identifying the most vulnerable users in order to target them for these training programs is desirable for increasing the effectiveness of such programs.Few studies have investigated the effect of individuals’characteristics on predicting their vulnerability to social engineering in the context of social networks.To address this gap,the present study developed a novel model to predict user vulnerability based on several perspectives of user characteristics.The proposed model includes interactions between different social network-oriented factors such as level of involvement in the network,motivation to use the network,and competence in dealing with threats on the network.The results of this research indicate that most of the considered user characteristics are factors that influence user vulnerability either directly or indirectly.Furthermore,the present study provides evidence that individuals’characteristics can identify vulnerable users so that these risks can be considered when designing training and awareness programs.

Predicting individuals’vulnerability to social engineering in social networks

The popularity of social networking sites has attracted billions of users to engage and share their information on these networks.The vast amount of circulating data and information expose these networks to several security risks.Social engineering is one of the most common types of threat that may face social network users.Training and increasing users’awareness of such threats is essential for maintaining continuous and safe use of social networking services.Identifying the most vulnerable users in order to target them for these training programs is desirable for increasing the effectiveness of such programs.Few studies have investigated the effect of individuals’characteristics on predicting their vulnerability to social engineering in the context of social networks.To address this gap,the present study developed a novel model to predict user vulnerability based on several perspectives of user characteristics.The proposed model includes interactions between different social network-oriented factors such as level of involvement in the network,motivation to use the network,and competence in dealing with threats on the network.The results of this research indicate that most of the considered user characteristics are factors that influence user vulnerability either directly or indirectly.Furthermore,the present study provides evidence that individuals’characteristics can identify vulnerable users so that these risks can be considered when designing training and awareness programs.

Phishing Attacks Detection Using EnsembleMachine Learning Algorithms

Phishing,an Internet fraudwhere individuals are deceived into revealing critical personal and account information,poses a significant risk to both consumers and web-based institutions.Data indicates a persistent rise in phishing attacks.Moreover,these fraudulent schemes are progressively becoming more intricate,thereby rendering them more challenging to identify.Hence,it is imperative to utilize sophisticated algorithms to address this issue.Machine learning is a highly effective approach for identifying and uncovering these harmful behaviors.Machine learning(ML)approaches can identify common characteristics in most phishing assaults.In this paper,we propose an ensemble approach and compare it with six machine learning techniques to determine the type of website and whether it is normal or not based on two phishing datasets.After that,we used the normalization technique on the dataset to transform the range of all the features into the same range.The findings of this paper for all algorithms are as follows in the first dataset based on accuracy,precision,recall,and F1-score,respectively:Decision Tree(DT)(0.964,0.961,0.976,0.968),Random Forest(RF)(0.970,0.964,0.984,0.974),Gradient Boosting(GB)(0.960,0.959,0.971,0.965),XGBoost(XGB)(0.973,0.976,0.976,0.976),AdaBoost(0.934,0.934,0.950,0.942),Multi Layer Perceptron(MLP)(0.970,0.971,0.976,0.974)and Voting(0.978,0.975,0.987,0.981).So,the Voting classifier gave the best results.While in the second dataset,all the algorithms gave the same results in four evaluation metrics,which indicates that each of them can effectively accomplish the prediction process.Also,this approach outperformed the previous work in detecting phishing websites with high accuracy,a lower false negative rate,a shorter prediction time,and a lower false positive rate.

Emoti-Shing: Detecting Vishing Attacks by Learning Emotion Dynamics through Hidden Markov Models

This study examines vishing, a form of social engineering scam using voice communication to deceive individuals into revealing sensitive information or losing money. With the rise of smartphone usage, people are more susceptible to vishing attacks. The proposed Emoti-Shing model analyzes potential victims’ emotions using Hidden Markov Models to track vishing scams by examining the emotional content of phone call audio conversations. This approach aims to detect vishing scams using biological features of humans, specifically emotions, which cannot be easily masked or spoofed. Experimental results on 30 generated emotions indicate the potential for increased vishing scam detection through this approach.

Impact of Human Vulnerabilities on Cybersecurity

Today,security is a major challenge linked with computer network companies that cannot defend against cyber-attacks.Numerous vulnerable factors increase security risks and cyber-attacks,including viruses,the internet,communications,and hackers.Internets of Things(IoT)devices are more effective,and the number of devices connected to the internet is constantly increasing,and governments and businesses are also using these technologies to perform business activities effectively.However,the increasing uses of technologies also increase risks,such as password attacks,social engineering,and phishing attacks.Humans play a major role in the field of cybersecurity.It is observed that more than 39%of security risks are related to the human factor,and 95%of successful cyber-attacks are caused by human error,with most of them being insider threats.The major human factor issue in cybersecurity is a lack of user awareness of cyber threats.This study focuses on the human factor by surveying the vulnerabilities and reducing the risk by focusing on human nature and reacting to different situations.This study highlighted that most of the participants are not experienced with cybersecurity threats and how to protect their personal information.Moreover,the lack of awareness of the top three vulnerabilities related to the human factor in cybersecurity,such as phishing attacks,passwords,attacks,and social engineering,are major problems that need to be addressed and reduced through proper awareness and training.

Coordination:From Development Concept to Methodology Innovation

Coordinated development focuses on ensuring an integrated,systematic and coordinated development approach.It exhibits the new thinking of social engineering,and concerns value orientation,distribution change,strategic direction and problem orientation.It is of great methodological significance in boosting the economic and social development of China during the 13 th Five-year Plan and beyond.Coordinated development requires a top-level design in social engineering,which includes deconstructing urban-rural dual structures,mending the"short planks",synchronous advancement of the new"Four Modernizations,"as well as the joint development of cultural-ethical production and material production.As a methodology of social engineering,coordinated development contains the methods of social design,social reflection and social evaluation and has become a basic model to guide and hold the new normal of China's economy.

Hacked by Bits and Pieces: What Can We Learn from an Example of Corporate Espionage?

Information security often involves the development and application of sophisticated software to protect sensitive information stored in corporate computers. Yet, in this example of corporate espionage, a clever person, a cellphone and some readily available software were all it took to crack through one company’s advanced security barriers. By reading this article it is hoped that employees at all levels of an organization’s hierarchy will become more aware of—and recognize—how: 1) bits and pieces of seemingly harmless and easy-to-acquire information can be used for sinister purposes;2) building rapport and trust with a person can make them more likely to become unknowing co-conspirators in a devious undertaking;and 3) how one must be constantly alert not to give out information without carefully considering the authenticity and justification of the source requesting it.

Being‘Social Engineers’

As demand for social service soars, the government takes measures to train more qualified workers Liu Siting is always busy in her local community, collecting sanitation fees, putting up notices and explaining g arbage-sorting ideas.The 22-year-old college graduate is a social worker based in a residential community in Beijing’s Chaoyang District. She is one of the 1,000 new social workers recruited by the Beijing Municipal Government in July." It’s really not an easy job, due to a

Public Health and Private Charity in Northeast China, 1905-1945

Medical charity in northeast China evolved through the confluence of three processes： the foundation of state medicine, the legal and political transformation of private charities, and the militarized competition for influence between China and Japan. Following the plague of 1910, a series of Chinese regimes began building medical infrastructure in areas under their control, but their ultimate inability to establish a comprehensive public health program left private charities to fill the gaps. In contrast, the Japanese administered concessions in Kant6 and along the South Manchuria Railway instituted a farsighted and multivaleneed medical policy. The Japanese model did not merely tolerate medical charities, it reserved for them a very specific role in the larger strategic framework of healthcare provision. Under the client state of ＂Manzhouguo,＂ the Japanese model further evolved to channel medical voluntarism into a hybrid state-charitable sector.