2015 Workshop on Socio-Technical Aspects in Security and Trust: Latest Papers

How people help fraudsters steal their money: an analysis of 600 online banking fraud cases
2015 Workshop on Socio-Technical Aspects in Security and Trust Pub Date : 2015-07-13 DOI: 10.1109/STAST.2015.12
J. Jansen, E. R. Leukfeldt
Abstract: This paper presents an analysis of 600 phishing and malware incidents obtained from a Dutch bank. We observed from these cases that the behavior of customers in the fraudulent process entails giving away personal information to fraudsters. Phishing victimization occurred by responding to a false e-mail, a fraudulent phone call or a combination of these. Malware victimization occurred by responding to a pop-up and by installing a malicious application on a mobile device. Customers cooperated because the fraudulent messages were perceived professional and because they were not sufficiently suspicious. Our data suggests that customers have an active role in the fraudulent process. An interesting finding is that customers not always trusted the intention of the fraudster, but were mentally unable to stop the process. They did not read or pay attention to information on their screens that might have prevented the incident. We conclude this paper with recommendations for fraud mitigation strategies.
Citations: 27
Regression nodes: extending attack trees with data from social sciences
2015 Workshop on Socio-Technical Aspects in Security and Trust Pub Date : 2015-07-13 DOI: 10.1109/STAST.2015.11
Jan-Willem Bullee, Lorena Montoya, W. Pieters, M. Junger, P. Hartel
Abstract: In the field of security, attack trees are often used to assess security vulnerabilities probabilistically in relation to multi-step attacks. The nodes are usually connected via AND-gates, where all children must be executed, or via OR-gates, where only one action is necessary for the attack step to succeed. This logic, however, is not suitable for including human interaction such as that of social engineering, because the attacker may combine different persuasion principles to different degrees, with different associated success probabilities. Experimental results in this domain are typically represented by regression equations rather than logical gates. This paper therefore proposes an extension to attack trees involving a regression-node, illustrated by data obtained from a social engineering experiment. By allowing the annotation of leaf nodes with experimental data from social science, the regression-node enables the development of integrated socio-technical security models.
Citations: 3
An analysis of social engineering principles in effective phishing
2015 Workshop on Socio-Technical Aspects in Security and Trust Pub Date : 2015-07-13 DOI: 10.1109/STAST.2015.10
A. Ferreira, G. Lenzini
Abstract: Phishing is a widespread practice and a lucrative business. It is invasive and hard to stop: a company needs to worry about all emails that all employees receive, while an attacker only needs to have a response from a key person, e.g., a finance or human resources' responsible, to cause a lot of damages. Some research has looked into what elements make phishing so successful. Many of these elements recall strategies that have been studied as principles of persuasion, scams and social engineering. This paper identifies, from the literature, the elements which reflect the effectiveness of phishing, and manually quantifies them within a phishing email sample. Most elements recognised as more effective in phishing commonly use persuasion principles such as authority and distraction. This insight could lead to better automate the identification of phishing emails and devise more appropriate countermeasures against them.
Citations: 41
A technique for using employee perception of security to support usability diagnostics
2015 Workshop on Socio-Technical Aspects in Security and Trust Pub Date : 2015-07-13 DOI: 10.1109/STAST.2015.9
S. Parkin, Sanket Epili
Abstract: Problems of unusable security in organisations are widespread, yet security managers tend not to listen to employees' views on how usable or beneficial security controls are for them in their roles. Here we provide a technique to drive management of security controls using end-user perceptions of security as supporting data. Perception is structured at the point of collection using Analytic Hierarchy Process techniques, where diagnostic rules filter user responses to direct remediation activities, based on recent research in the human factors of information security. The rules can guide user engagement, and support identification of candidate controls to maintain, remove, or learn from. The methodology was incorporated into a prototype dashboard tool, and a preliminary validation conducted through a walk-through consultation with a security manager in a large organisation. It was found that user feedback and suggestions would be useful if they can be structured for review, and that categorising responses would help when revisiting security policies and identifying problem controls.
Citations: 0
Alternative Authentication in the Wild
2015 Workshop on Socio-Technical Aspects in Security and Trust Pub Date : 2015-07-13 DOI: 10.1109/STAST.2015.13
Joseph Maguire, K. Renaud
Abstract: Alphanumeric authentication routinely fails to regulate access to resources with the required stringency, primarily due to usability issues. Initial deployment did not reveal the problems of passwords, deep and profound flaws only emerged once passwords were deployed in the wild. The need for a replacement is widely acknowledged yet despite over a decade of research into knowledge-based alternatives, few, if any, have been adopted by industry. Alternatives are unconvincing for three primary reasons. The first is that alternatives are rarely investigated beyond the initial proposal, with only the results from a constrained lab test provided to convince adopters of their viability. The second is that alternatives are seldom tested realistically where the authenticator mediates access to something of value. The third is that the testing rarely varies the device or context beyond that initially targeted. In the modern world different devices are used across a variety of contexts. What works well in one context may easily fail in another. Consequently, the contribution of this paper is an "in the wild" evaluation of an alternative authentication mechanism that had demonstrated promise in its lab evaluation. In the field test the mechanism was deployed to actual users to regulate access to an application in a context beyond that initially proposed. The performance of the mechanism is reported and discussed. We conclude by reflecting on the value of field evaluations of alternative authentication mechanisms.
Citations: 1