{"title":"计算机系统社会工程攻击的分析与防御工具","authors":"L. Laribee, D.S. Barnes, N. Rowe, C.H. Martell","doi":"10.1109/IAW.2006.1652125","DOIUrl":null,"url":null,"abstract":"The weakest link in an information-security chain is often the user because people can be manipulated. Attacking computer systems with information gained from social interactions is one form of social engineering (K. Mitnick, et al. 2002). It can be much easier to do than targeting the complex technological protections of systems (J. McDermott, Social engineering - the weakest link in information security). In an effort to formalize social engineering for cyberspace, we are building models of trust and attack. Models help in understanding the bewildering number of different tactics that can be employed. Social engineering attacks can be complex with multiple ploys and targets; our models function as subroutines that are called multiple times to accomplish attack goals in a coordinated plan. Models enable us to infer good countermeasures to social engineering","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"Analysis and Defensive Tools for Social-Engineering Attacks on Computer Systems\",\"authors\":\"L. Laribee, D.S. Barnes, N. Rowe, C.H. Martell\",\"doi\":\"10.1109/IAW.2006.1652125\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The weakest link in an information-security chain is often the user because people can be manipulated. Attacking computer systems with information gained from social interactions is one form of social engineering (K. Mitnick, et al. 2002). It can be much easier to do than targeting the complex technological protections of systems (J. McDermott, Social engineering - the weakest link in information security). In an effort to formalize social engineering for cyberspace, we are building models of trust and attack. Models help in understanding the bewildering number of different tactics that can be employed. Social engineering attacks can be complex with multiple ploys and targets; our models function as subroutines that are called multiple times to accomplish attack goals in a coordinated plan. Models enable us to infer good countermeasures to social engineering\",\"PeriodicalId\":326306,\"journal\":{\"name\":\"2006 IEEE Information Assurance Workshop\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-06-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 IEEE Information Assurance Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2006.1652125\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 IEEE Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2006.1652125","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 20
摘要
信息安全链中最薄弱的环节往往是用户,因为人们可能被操纵。利用从社会互动中获得的信息攻击计算机系统是社会工程的一种形式(K. Mitnick, et al. 2002)。这比瞄准系统的复杂技术保护要容易得多(J. McDermott,社会工程——信息安全中最薄弱的环节)。为了使网络空间的社会工程正式化,我们正在建立信任和攻击的模型。模型有助于理解可以采用的令人眼花缭乱的不同策略。社会工程攻击可能很复杂,有多种手段和目标;我们的模型作为子例程发挥作用,这些子例程被多次调用,以在协调的计划中完成攻击目标。模型使我们能够推断出针对社会工程的良好对策
Analysis and Defensive Tools for Social-Engineering Attacks on Computer Systems
The weakest link in an information-security chain is often the user because people can be manipulated. Attacking computer systems with information gained from social interactions is one form of social engineering (K. Mitnick, et al. 2002). It can be much easier to do than targeting the complex technological protections of systems (J. McDermott, Social engineering - the weakest link in information security). In an effort to formalize social engineering for cyberspace, we are building models of trust and attack. Models help in understanding the bewildering number of different tactics that can be employed. Social engineering attacks can be complex with multiple ploys and targets; our models function as subroutines that are called multiple times to accomplish attack goals in a coordinated plan. Models enable us to infer good countermeasures to social engineering
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
