{"title":"现代信使中的社会工程:攻击性安全的应用","authors":"Iryna STOPOCHKINA, Mykola ILYIN, Oleksandra PONOMARENKO","doi":"10.32782/it/2023-2-10","DOIUrl":null,"url":null,"abstract":"The work considers the problems of social engineering in modern messengers, and provides classification indicators for modern attacks. Attention is focused on the Telegram messenger, whose channel owners and visitors to these channels may suffer from the intervention of fraudsters who cannot always be identified in time. Fraudsters or malicious bots are exposed and removed as a result of certain user complaints, very often when the purpose of the malicious intervention has already been realized. This indicates the need to develop new proactive solutions. The purpose of this work is to enrich offensive security mechanisms for social messengers by using bots and artificial intelligence using specially created prompts. The novelty of the work. It is proposed to place a kind of honeypot analogues in the space of communication. The role of the decoy victim is given to a specially configured bot disguised as a user, capable of carrying out a conversation according to a given scenario. The bot’s algorithm has been developed. Methodology. Social engineering is seen as a proactive security tool aimed at identifying vulnerabilities that attackers can exploit, as well as a reverse defense by obtaining information from fraudsters that compromises them. Main results. The work successfully combined developed offensive security scenarios for real Ukrainian chats at the time of the research, with the capabilities of ChatGPT, which made it possible to implement a bot, with the ability to communicate according to the scenario specified by the security specialist. Testing of the bot and the corresponding application in the Telegram channel was carried out, with the consent of real users, which proved the workability of the solution. Conclusions. The modern level of artificial intelligence tools allows one to obtain valuable information about attackers in the information space, conduct automated security testing, and implement other offensive security scenarios. Channel administrators can use the solution as a channel subscribers filtering tool.","PeriodicalId":486523,"journal":{"name":"Information Technology Computer Science Software Engineering and Cyber Security","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"SOCIAL ENGINEERING IN MODERN MESSENGERS: APPLICATIONS FOR OFFENSIVE SECURITY\",\"authors\":\"Iryna STOPOCHKINA, Mykola ILYIN, Oleksandra PONOMARENKO\",\"doi\":\"10.32782/it/2023-2-10\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The work considers the problems of social engineering in modern messengers, and provides classification indicators for modern attacks. Attention is focused on the Telegram messenger, whose channel owners and visitors to these channels may suffer from the intervention of fraudsters who cannot always be identified in time. Fraudsters or malicious bots are exposed and removed as a result of certain user complaints, very often when the purpose of the malicious intervention has already been realized. This indicates the need to develop new proactive solutions. The purpose of this work is to enrich offensive security mechanisms for social messengers by using bots and artificial intelligence using specially created prompts. The novelty of the work. It is proposed to place a kind of honeypot analogues in the space of communication. The role of the decoy victim is given to a specially configured bot disguised as a user, capable of carrying out a conversation according to a given scenario. The bot’s algorithm has been developed. Methodology. Social engineering is seen as a proactive security tool aimed at identifying vulnerabilities that attackers can exploit, as well as a reverse defense by obtaining information from fraudsters that compromises them. Main results. The work successfully combined developed offensive security scenarios for real Ukrainian chats at the time of the research, with the capabilities of ChatGPT, which made it possible to implement a bot, with the ability to communicate according to the scenario specified by the security specialist. Testing of the bot and the corresponding application in the Telegram channel was carried out, with the consent of real users, which proved the workability of the solution. Conclusions. The modern level of artificial intelligence tools allows one to obtain valuable information about attackers in the information space, conduct automated security testing, and implement other offensive security scenarios. Channel administrators can use the solution as a channel subscribers filtering tool.\",\"PeriodicalId\":486523,\"journal\":{\"name\":\"Information Technology Computer Science Software Engineering and Cyber Security\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-09-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Technology Computer Science Software Engineering and Cyber Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.32782/it/2023-2-10\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Technology Computer Science Software Engineering and Cyber Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.32782/it/2023-2-10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
SOCIAL ENGINEERING IN MODERN MESSENGERS: APPLICATIONS FOR OFFENSIVE SECURITY
The work considers the problems of social engineering in modern messengers, and provides classification indicators for modern attacks. Attention is focused on the Telegram messenger, whose channel owners and visitors to these channels may suffer from the intervention of fraudsters who cannot always be identified in time. Fraudsters or malicious bots are exposed and removed as a result of certain user complaints, very often when the purpose of the malicious intervention has already been realized. This indicates the need to develop new proactive solutions. The purpose of this work is to enrich offensive security mechanisms for social messengers by using bots and artificial intelligence using specially created prompts. The novelty of the work. It is proposed to place a kind of honeypot analogues in the space of communication. The role of the decoy victim is given to a specially configured bot disguised as a user, capable of carrying out a conversation according to a given scenario. The bot’s algorithm has been developed. Methodology. Social engineering is seen as a proactive security tool aimed at identifying vulnerabilities that attackers can exploit, as well as a reverse defense by obtaining information from fraudsters that compromises them. Main results. The work successfully combined developed offensive security scenarios for real Ukrainian chats at the time of the research, with the capabilities of ChatGPT, which made it possible to implement a bot, with the ability to communicate according to the scenario specified by the security specialist. Testing of the bot and the corresponding application in the Telegram channel was carried out, with the consent of real users, which proved the workability of the solution. Conclusions. The modern level of artificial intelligence tools allows one to obtain valuable information about attackers in the information space, conduct automated security testing, and implement other offensive security scenarios. Channel administrators can use the solution as a channel subscribers filtering tool.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
