Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.768901
Title: Utilising the concept of human-as-a-security-sensor for detecting semantic social engineering attacks
Author: Heartfield, Ryan John
ISNI:       0000 0004 7655 8393
Awarding Body: University of Greenwich
Current Institution: University of Greenwich
Date of Award: 2017
Availability of Full Text:
Access from EThOS:
Access from Institution:
Abstract:
Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Semantic social engineering attacks are a pervasive threat to computer and communication systems. By employing deception rather than by exploiting technical vulnerabilities, spear-phishing, obfuscated URLs, drive-by downloads, spoofed websites, scareware and other attacks are able to circumvent traditional technical security controls and target the user directly. In this thesis, we begin by defining the terminology of a semantic attack, introducing a historic time-line of attack incidents over the last 17 years to illustrate what is an existential relationship with the user-computer interface and it's ever expanding landscape. We then highlight the scale of the semantic attack threat by identifying different individual attacks and discussing recent statistics. Recognising the complexity in understanding the many facets that may form an attack, as well as the depth and breadth of the threat landscape, we construct a taxonomy of semantic attacks which encapsulates attack characteristics into a fixed, parametrised classification criteria that span all stages of a semantic attack. We then supplement the taxonomy of attacks with a survey of applicable defences and contrast the threat landscape and the associated mitigation techniques in a single comparative matrix; identifying the areas where further research can be particularly beneficial. Armed with this knowledge, we then explore the feasibility of predicting user susceptibility to deception-based attacks through attributes that can be measured, ethically, preferably in real-time and in an automated manner. We conduct two experiments, the first on 4333 users recruited on the Internet, allowing us to identify useful high-level features through association rule mining, and the second on a smaller group of 315 users, allowing us to study these features in more detail. In both experiments, participants were presented with attack and non-attack exhibits and were tested in terms of their ability to distinguish between the two. Using the data collected, we determine predictors of users' susceptibility to different deception vectors. With these, we have produced and evaluated a generalised model for training a dynamic system for proactive user security. Using the model as a baseline, we propose a technical framework that aims to utilise the concept of Human-as-a-Security-Sensor as a dynamic defence mechanism against semantic attacks. To test the viability of our framework and to demonstrate the concept of the Human-as-a-Security-Sensor in an empirical context, we employ the framework to develop a prototype Human-as-a-Security- Sensor platform called Cogni-Sense; evaluating its utility in a real-world experiment. Lastly, we conclude with a review of the problem space, summarising our novel contributions towards a dynamic, user-driven defence against semantic attacks and identify open problems in our work to discuss future plans and motivation for continuing the development of Human-as-a-Security-Sensor.
Supervisor: Loukas, George ; Gan, Diane Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.768901  DOI: Not available
Keywords: QA Mathematics
Share: