{"title":"A comprehensive survey on social engineering attacks, countermeasures, case study, and research challenges","authors":"Tejal Rathod , Nilesh Kumar Jadav , Sudeep Tanwar , Abdulatif Alabdulatif , Deepak Garg , Anupam Singh","doi":"10.1016/j.ipm.2024.103928","DOIUrl":null,"url":null,"abstract":"<div><div>Social engineering attacks are inevitable and imperil the integrity, security, and confidentiality of the information used on social media platforms. Prominent technologies, such as blockchain, artificial intelligence (AI), and proactive access controls, were adopted in the literature to confront the social engineering attacks on social media. Nevertheless, a comprehensive survey on this topic is notably absent from the current body of research. Inspired by that, we propose an exhaustive survey comprising an in-depth analysis of 10 distinct social engineering attacks with their real-time scenarios. Furthermore, a detailed solution taxonomy is presented, offering valuable insights (e.g., objective, methodology, and results) to tackle social engineering attacks effectively. Based on the solution taxonomy, we propose an AI and blockchain-based malicious uniform resource locator (URL) detection framework (as a case study) to confront social engineering attacks on the Meta platform. For that, a standard dataset is utilized, which comprises 12 different datasets containing 3980870 malicious and non-malicious URLs. To classify URLs, a binary classification problem is formulated and solved by using different AI classifiers, such as Naive Bayes (NB), decision tree (DT), support vector machine (SVM), and boosted tree (BT). The non-malicious URLs are forwarded to the blockchain network to ensure secure storage, strengthening the effectiveness of the malicious URL detection framework. The proposed framework is evaluated with baseline approaches, wherein the NB achieves noteworthy training accuracy, i.e., 76.87% and training time of (8.23 (s)). Additionally, interplanetary file system (IPFS)-based blockchain achieves a remarkable response time, i.e., (0.245 (ms)) compared to the conventional blockchain technology. We also used execution cost and smart contract vulnerability assessment using Slither to showcase the outperformance of blockchain technology. Lastly, we shed light on the open issues and research challenges of social engineering attacks where research gaps still exist and require further investigation.</div></div>","PeriodicalId":50365,"journal":{"name":"Information Processing & Management","volume":"62 1","pages":"Article 103928"},"PeriodicalIF":7.4000,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Processing & Management","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0306457324002875","RegionNum":1,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Social engineering attacks are inevitable and imperil the integrity, security, and confidentiality of the information used on social media platforms. Prominent technologies, such as blockchain, artificial intelligence (AI), and proactive access controls, were adopted in the literature to confront the social engineering attacks on social media. Nevertheless, a comprehensive survey on this topic is notably absent from the current body of research. Inspired by that, we propose an exhaustive survey comprising an in-depth analysis of 10 distinct social engineering attacks with their real-time scenarios. Furthermore, a detailed solution taxonomy is presented, offering valuable insights (e.g., objective, methodology, and results) to tackle social engineering attacks effectively. Based on the solution taxonomy, we propose an AI and blockchain-based malicious uniform resource locator (URL) detection framework (as a case study) to confront social engineering attacks on the Meta platform. For that, a standard dataset is utilized, which comprises 12 different datasets containing 3980870 malicious and non-malicious URLs. To classify URLs, a binary classification problem is formulated and solved by using different AI classifiers, such as Naive Bayes (NB), decision tree (DT), support vector machine (SVM), and boosted tree (BT). The non-malicious URLs are forwarded to the blockchain network to ensure secure storage, strengthening the effectiveness of the malicious URL detection framework. The proposed framework is evaluated with baseline approaches, wherein the NB achieves noteworthy training accuracy, i.e., 76.87% and training time of (8.23 (s)). Additionally, interplanetary file system (IPFS)-based blockchain achieves a remarkable response time, i.e., (0.245 (ms)) compared to the conventional blockchain technology. We also used execution cost and smart contract vulnerability assessment using Slither to showcase the outperformance of blockchain technology. Lastly, we shed light on the open issues and research challenges of social engineering attacks where research gaps still exist and require further investigation.
期刊介绍:
Information Processing and Management is dedicated to publishing cutting-edge original research at the convergence of computing and information science. Our scope encompasses theory, methods, and applications across various domains, including advertising, business, health, information science, information technology marketing, and social computing.
We aim to cater to the interests of both primary researchers and practitioners by offering an effective platform for the timely dissemination of advanced and topical issues in this interdisciplinary field. The journal places particular emphasis on original research articles, research survey articles, research method articles, and articles addressing critical applications of research. Join us in advancing knowledge and innovation at the intersection of computing and information science.