Title: Mitigating Social Engineering Attacks Through Cost-Effective Security Awareness Training Policy
Authors: Yang Qin; Xiaofan Yang; Lu-Xing Yang; Kaifan Huang
DOI: 10.1109/TNSE.2025.3556927
Journal: IEEE Transactions on Network Science and Engineering, vol. 12, no. 4, pp. 3145-3158
Published: 2025-04-02 (journal article; not open access)
URL: https://ieeexplore.ieee.org/document/10947636/
Citations: 0
Abstract
Human beings are often considered the weakest link in cybersecurity. Social engineering attacks exploit this vulnerability, posing significant threats to the digital assets of organizations. A highly effective strategy for protecting users from falling into traps set by attackers is to implement comprehensive security awareness training focused on social engineering. In this context, the organization needs to find a cost-effective policy for allocating the security awareness training budget. We refer to the problem of finding such a policy as the security awareness training (SAT) problem. This paper addresses the SAT problem. First, an opinion dynamics-based security awareness evolution model is introduced. On this basis, the SAT problem is reduced to an optimal control model (the SAT model). Second, by deriving the optimality system for the SAT problem, an algorithm for solving the SAT model is proposed. Next, the feasibility of the proposed algorithm is validated through numerical experiments. Additionally, further exploration of the SAT algorithm is conducted. Finally, for greater versatility, the problem is formulated as a discrete-time problem (the discrete SAT problem), and a discrete SAT algorithm is proposed to solve it. This work takes the first step toward the prevention of social engineering attacks through an optimal control approach.
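The abstract gives the shape of the approach (an opinion-dynamics model of awareness, an optimal control formulation, an optimality system solved numerically, and a discrete-time variant) but none of its equations. The following is an added, deliberately small illustration of that shape and is not the paper's model or algorithm: it assumes a DeGroot-style averaging of awareness over an influence graph with decay toward a baseline and a training input, a stage cost that charges for residual unawareness plus a quadratic training cost, and solves the discrete-time optimality system with a forward-backward sweep. All names (SATProblem, forward_backward_sweep, the parameters a, d, c, theta, u_max) and the four-user sample graph are constructed for this example.

```python
"""Toy discrete-time version of a security awareness training (SAT) control problem.

Hypothetical model and solver, constructed for illustration; neither the
awareness-evolution model nor the algorithm is taken from Qin et al. (2025).
"""
from dataclasses import dataclass
from typing import List, Tuple

Vec = List[float]


@dataclass
class SATProblem:
    w: List[Vec]        # w[i][j]: influence of user j on user i (zero diagonal, rows sum to 1)
    baseline: Vec       # b_i: awareness user i drifts back to without training
    risk: Vec           # r_i: per-period loss weight for user i's unawareness (1 - x_i)
    x0: Vec             # initial awareness levels in [0, 1]
    horizon: int        # number of training periods T
    a: float = 0.2      # peer-influence rate (DeGroot-style averaging)
    d: float = 0.1      # decay rate toward baseline
    c: float = 0.5      # training efficacy: u raises x by c * u * (1 - x)
    theta: float = 1.0  # quadratic training-cost weight
    u_max: float = 1.0  # cap on training effort per user per period

    @property
    def n(self) -> int:
        return len(self.x0)

    def step(self, x: Vec, u: Vec) -> Vec:
        """x[t+1] = f(x[t], u[t]): peer averaging + decay to baseline + training gain."""
        return [x[i] + self.a * sum(self.w[i][j] * (x[j] - x[i]) for j in range(self.n))
                - self.d * (x[i] - self.baseline[i]) + self.c * u[i] * (1.0 - x[i])
                for i in range(self.n)]

    def simulate(self, policy: List[Vec]) -> List[Vec]:
        """Forward sweep: trajectory x[0..T] under training policy u[0..T-1]."""
        xs = [list(self.x0)]
        for u in policy:
            xs.append(self.step(xs[-1], u))
        return xs

    def cost(self, policy: List[Vec]) -> float:
        """J = sum_t sum_i r_i (1 - x_i[t])  (t = 0..T)  +  theta/2 * sum_t sum_i u_i[t]^2."""
        xs = self.simulate(policy)
        unaware = sum(self.risk[i] * (1.0 - x[i]) for x in xs for i in range(self.n))
        effort = 0.5 * self.theta * sum(ui * ui for u in policy for ui in u)
        return unaware + effort

    def costate(self, xs: List[Vec], policy: List[Vec]) -> List[Vec]:
        """Backward sweep of the discrete optimality system (discrete Pontryagin principle):
        lam[T] = d(terminal cost)/dx; lam[t] = dH_t/dx, H_t = g(x_t,u_t) + lam[t+1] . f(x_t,u_t)."""
        T, n = self.horizon, self.n
        lam = [[0.0] * n for _ in range(T + 1)]
        lam[T] = [-r for r in self.risk]
        for t in range(T - 1, -1, -1):
            u, nxt = policy[t], lam[t + 1]
            for i in range(n):
                dfi_dxi = 1.0 - self.a * sum(self.w[i]) - self.d - self.c * u[i]
                cross = sum(nxt[k] * self.a * self.w[k][i] for k in range(n) if k != i)
                lam[t][i] = -self.risk[i] + nxt[i] * dfi_dxi + cross
        return lam

    def stationary_control(self, x: Vec, lam_next: Vec) -> Vec:
        """dH/du_i = theta*u_i + lam_i[t+1]*c*(1 - x_i) = 0, projected onto [0, u_max]."""
        return [min(self.u_max, max(0.0, -lam_next[i] * self.c * (1.0 - x[i]) / self.theta))
                for i in range(self.n)]


def forward_backward_sweep(p: SATProblem, iters: int = 200, tol: float = 1e-7,
                           relax: float = 0.5) -> Tuple[List[Vec], float]:
    """Forward state sweep, backward costate sweep, relaxed control update, repeated.
    Returns the lowest-cost policy seen, so the answer never loses to zero training."""
    T, n = p.horizon, p.n
    policy = [[0.0] * n for _ in range(T)]
    best, best_cost = [list(u) for u in policy], p.cost(policy)
    for _ in range(iters):
        xs = p.simulate(policy)
        lam = p.costate(xs, policy)
        new_policy = []
        for t in range(T):
            u_star = p.stationary_control(xs[t], lam[t + 1])
            new_policy.append([relax * policy[t][i] + (1.0 - relax) * u_star[i] for i in range(n)])
        delta = max(abs(new_policy[t][i] - policy[t][i]) for t in range(T) for i in range(n))
        policy = new_policy
        j = p.cost(policy)
        if j < best_cost:
            best, best_cost = [list(u) for u in policy], j
        if delta < tol:
            break
    return best, best_cost


def example_problem() -> SATProblem:
    """Constructed sample: four users on a small influence graph; not data from the paper."""
    w = [[0.0, 0.5, 0.5, 0.0], [0.5, 0.0, 0.0, 0.5],
         [0.5, 0.0, 0.0, 0.5], [0.0, 0.5, 0.5, 0.0]]
    return SATProblem(w=w, baseline=[0.3] * 4, risk=[1.0, 2.0, 1.0, 0.5],
                      x0=[0.4, 0.2, 0.5, 0.3], horizon=12)


if __name__ == "__main__":
    prob = example_problem()
    no_training = [[0.0] * prob.n for _ in range(prob.horizon)]
    policy, j_opt = forward_backward_sweep(prob)
    print("cost, no training   :", round(prob.cost(no_training), 3))
    print("cost, sweep policy  :", round(j_opt, 3))
    for t, u in enumerate(policy):
        print("period", t, [round(v, 2) for v in u])
```

The costate equations are the derivatives of the assumed f and g above, so changing the model means re-deriving them; the sweep is a plain relaxed fixed-point iteration on the optimality system and is not guaranteed to converge in general, which is why the best iterate is retained. With the parameters chosen, the update keeps every x_i inside [0, 1] without clipping, so the stationarity condition stays differentiable.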
Journal description:
The IEEE Transactions on Network Science and Engineering (TNSE) is committed to the timely publication of peer-reviewed technical articles that deal with the theory and applications of network science and the interconnections among the elements in a system that form a network. In particular, the IEEE Transactions on Network Science and Engineering publishes articles on understanding, prediction, and control of the structures and behaviors of networks at the fundamental level. The types of networks covered include physical or engineered networks, information networks, biological networks, semantic networks, economic networks, social networks, and ecological networks. Aimed at discovering common principles that govern network structures, network functionalities, and network behaviors, the journal seeks articles on understanding, prediction, and control of the structures and behaviors of networks. Another trans-disciplinary focus of the IEEE Transactions on Network Science and Engineering is the interactions between, and co-evolution of, different genres of networks.