关于社会工程学攻击、对策、案例研究和研究挑战的全面调查

IF 7.4 1区 管理学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Tejal Rathod , Nilesh Kumar Jadav , Sudeep Tanwar , Abdulatif Alabdulatif , Deepak Garg , Anupam Singh
{"title":"关于社会工程学攻击、对策、案例研究和研究挑战的全面调查","authors":"Tejal Rathod ,&nbsp;Nilesh Kumar Jadav ,&nbsp;Sudeep Tanwar ,&nbsp;Abdulatif Alabdulatif ,&nbsp;Deepak Garg ,&nbsp;Anupam Singh","doi":"10.1016/j.ipm.2024.103928","DOIUrl":null,"url":null,"abstract":"<div><div>Social engineering attacks are inevitable and imperil the integrity, security, and confidentiality of the information used on social media platforms. Prominent technologies, such as blockchain, artificial intelligence (AI), and proactive access controls, were adopted in the literature to confront the social engineering attacks on social media. Nevertheless, a comprehensive survey on this topic is notably absent from the current body of research. Inspired by that, we propose an exhaustive survey comprising an in-depth analysis of 10 distinct social engineering attacks with their real-time scenarios. Furthermore, a detailed solution taxonomy is presented, offering valuable insights (e.g., objective, methodology, and results) to tackle social engineering attacks effectively. Based on the solution taxonomy, we propose an AI and blockchain-based malicious uniform resource locator (URL) detection framework (as a case study) to confront social engineering attacks on the Meta platform. For that, a standard dataset is utilized, which comprises 12 different datasets containing 3980870 malicious and non-malicious URLs. To classify URLs, a binary classification problem is formulated and solved by using different AI classifiers, such as Naive Bayes (NB), decision tree (DT), support vector machine (SVM), and boosted tree (BT). The non-malicious URLs are forwarded to the blockchain network to ensure secure storage, strengthening the effectiveness of the malicious URL detection framework. The proposed framework is evaluated with baseline approaches, wherein the NB achieves noteworthy training accuracy, i.e., 76.87% and training time of (8.23 (s)). Additionally, interplanetary file system (IPFS)-based blockchain achieves a remarkable response time, i.e., (0.245 (ms)) compared to the conventional blockchain technology. We also used execution cost and smart contract vulnerability assessment using Slither to showcase the outperformance of blockchain technology. Lastly, we shed light on the open issues and research challenges of social engineering attacks where research gaps still exist and require further investigation.</div></div>","PeriodicalId":50365,"journal":{"name":"Information Processing & Management","volume":null,"pages":null},"PeriodicalIF":7.4000,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A comprehensive survey on social engineering attacks, countermeasures, case study, and research challenges\",\"authors\":\"Tejal Rathod ,&nbsp;Nilesh Kumar Jadav ,&nbsp;Sudeep Tanwar ,&nbsp;Abdulatif Alabdulatif ,&nbsp;Deepak Garg ,&nbsp;Anupam Singh\",\"doi\":\"10.1016/j.ipm.2024.103928\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Social engineering attacks are inevitable and imperil the integrity, security, and confidentiality of the information used on social media platforms. Prominent technologies, such as blockchain, artificial intelligence (AI), and proactive access controls, were adopted in the literature to confront the social engineering attacks on social media. Nevertheless, a comprehensive survey on this topic is notably absent from the current body of research. Inspired by that, we propose an exhaustive survey comprising an in-depth analysis of 10 distinct social engineering attacks with their real-time scenarios. Furthermore, a detailed solution taxonomy is presented, offering valuable insights (e.g., objective, methodology, and results) to tackle social engineering attacks effectively. Based on the solution taxonomy, we propose an AI and blockchain-based malicious uniform resource locator (URL) detection framework (as a case study) to confront social engineering attacks on the Meta platform. For that, a standard dataset is utilized, which comprises 12 different datasets containing 3980870 malicious and non-malicious URLs. To classify URLs, a binary classification problem is formulated and solved by using different AI classifiers, such as Naive Bayes (NB), decision tree (DT), support vector machine (SVM), and boosted tree (BT). The non-malicious URLs are forwarded to the blockchain network to ensure secure storage, strengthening the effectiveness of the malicious URL detection framework. The proposed framework is evaluated with baseline approaches, wherein the NB achieves noteworthy training accuracy, i.e., 76.87% and training time of (8.23 (s)). Additionally, interplanetary file system (IPFS)-based blockchain achieves a remarkable response time, i.e., (0.245 (ms)) compared to the conventional blockchain technology. We also used execution cost and smart contract vulnerability assessment using Slither to showcase the outperformance of blockchain technology. Lastly, we shed light on the open issues and research challenges of social engineering attacks where research gaps still exist and require further investigation.</div></div>\",\"PeriodicalId\":50365,\"journal\":{\"name\":\"Information Processing & Management\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":7.4000,\"publicationDate\":\"2024-10-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Processing & Management\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0306457324002875\",\"RegionNum\":1,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Processing & Management","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0306457324002875","RegionNum":1,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

社交工程攻击是不可避免的,它危及社交媒体平台上所使用信息的完整性、安全性和保密性。文献中采用了区块链、人工智能(AI)和主动访问控制等著名技术来应对社交媒体上的社交工程攻击。然而,目前的研究成果中明显缺乏对这一主题的全面调查。受此启发,我们提出了一份详尽的调查报告,其中包括对 10 种不同社交工程攻击及其实时场景的深入分析。此外,我们还提出了详细的解决方案分类法,为有效解决社会工程学攻击提供了有价值的见解(如目标、方法和结果)。基于解决方案分类法,我们提出了一个基于人工智能和区块链的恶意统一资源定位器(URL)检测框架(作为案例研究),以应对 Meta 平台上的社交工程攻击。为此,我们使用了一个标准数据集,其中包括 12 个不同的数据集,包含 3980870 个恶意和非恶意 URL。为了对 URL 进行分类,制定了一个二元分类问题,并使用不同的人工智能分类器(如 Naive Bayes (NB)、决策树 (DT)、支持向量机 (SVM) 和助推树 (BT))加以解决。非恶意 URL 被转发到区块链网络以确保安全存储,从而加强了恶意 URL 检测框架的有效性。所提出的框架与基线方法进行了评估,其中 NB 的训练准确率达到了值得注意的水平,即 76.87%,训练时间为(8.23 (s))。此外,与传统的区块链技术相比,基于星际文件系统(IPFS)的区块链实现了显著的响应时间,即(0.245 (ms))。我们还利用 Slither 进行了执行成本和智能合约漏洞评估,以展示区块链技术的优越性能。最后,我们揭示了社会工程学攻击的公开问题和研究挑战,这些问题和挑战仍存在研究空白,需要进一步研究。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A comprehensive survey on social engineering attacks, countermeasures, case study, and research challenges
Social engineering attacks are inevitable and imperil the integrity, security, and confidentiality of the information used on social media platforms. Prominent technologies, such as blockchain, artificial intelligence (AI), and proactive access controls, were adopted in the literature to confront the social engineering attacks on social media. Nevertheless, a comprehensive survey on this topic is notably absent from the current body of research. Inspired by that, we propose an exhaustive survey comprising an in-depth analysis of 10 distinct social engineering attacks with their real-time scenarios. Furthermore, a detailed solution taxonomy is presented, offering valuable insights (e.g., objective, methodology, and results) to tackle social engineering attacks effectively. Based on the solution taxonomy, we propose an AI and blockchain-based malicious uniform resource locator (URL) detection framework (as a case study) to confront social engineering attacks on the Meta platform. For that, a standard dataset is utilized, which comprises 12 different datasets containing 3980870 malicious and non-malicious URLs. To classify URLs, a binary classification problem is formulated and solved by using different AI classifiers, such as Naive Bayes (NB), decision tree (DT), support vector machine (SVM), and boosted tree (BT). The non-malicious URLs are forwarded to the blockchain network to ensure secure storage, strengthening the effectiveness of the malicious URL detection framework. The proposed framework is evaluated with baseline approaches, wherein the NB achieves noteworthy training accuracy, i.e., 76.87% and training time of (8.23 (s)). Additionally, interplanetary file system (IPFS)-based blockchain achieves a remarkable response time, i.e., (0.245 (ms)) compared to the conventional blockchain technology. We also used execution cost and smart contract vulnerability assessment using Slither to showcase the outperformance of blockchain technology. Lastly, we shed light on the open issues and research challenges of social engineering attacks where research gaps still exist and require further investigation.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Information Processing & Management
Information Processing & Management 工程技术-计算机:信息系统
CiteScore
17.00
自引率
11.60%
发文量
276
审稿时长
39 days
期刊介绍: Information Processing and Management is dedicated to publishing cutting-edge original research at the convergence of computing and information science. Our scope encompasses theory, methods, and applications across various domains, including advertising, business, health, information science, information technology marketing, and social computing. We aim to cater to the interests of both primary researchers and practitioners by offering an effective platform for the timely dissemination of advanced and topical issues in this interdisciplinary field. The journal places particular emphasis on original research articles, research survey articles, research method articles, and articles addressing critical applications of research. Join us in advancing knowledge and innovation at the intersection of computing and information science.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信