{"title":"比较误用案例和不良活动图建模社会工程攻击","authors":"P. Kárpáti, G. Sindre, Raimundas Matulevičius","doi":"10.4018/jsse.2012040103","DOIUrl":null,"url":null,"abstract":"Understanding the social engineering threat is important in requirements engineering for security-critical information systems. Mal-activity diagrams have been proposed as being better than misuse cases for this purpose, but without any empirical testing. The research question in this study is whether mal-activity diagrams would be more efficient than misuse cases for understanding social engineering attacks and finding prevention measures. After a conceptual comparison of the modelling techniques, a controlled experiment is presented, comparing the efficiency of using the two techniques together with textual descriptions of social engineering attacks. The results were fairly equal, the only significant difference being a slight advantage for mal-activity diagrams concerning perceived ease of use. The study gives new insights into the relative merits of the two techniques, and suggests that the advantage of mal-activity diagrams is smaller than previously assumed. However, more empirical investigations are needed to make detailed conclusions.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"33 1","pages":"54-73"},"PeriodicalIF":0.0000,"publicationDate":"2012-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks\",\"authors\":\"P. Kárpáti, G. Sindre, Raimundas Matulevičius\",\"doi\":\"10.4018/jsse.2012040103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Understanding the social engineering threat is important in requirements engineering for security-critical information systems. Mal-activity diagrams have been proposed as being better than misuse cases for this purpose, but without any empirical testing. The research question in this study is whether mal-activity diagrams would be more efficient than misuse cases for understanding social engineering attacks and finding prevention measures. After a conceptual comparison of the modelling techniques, a controlled experiment is presented, comparing the efficiency of using the two techniques together with textual descriptions of social engineering attacks. The results were fairly equal, the only significant difference being a slight advantage for mal-activity diagrams concerning perceived ease of use. The study gives new insights into the relative merits of the two techniques, and suggests that the advantage of mal-activity diagrams is smaller than previously assumed. However, more empirical investigations are needed to make detailed conclusions.\",\"PeriodicalId\":89158,\"journal\":{\"name\":\"International journal of secure software engineering\",\"volume\":\"33 1\",\"pages\":\"54-73\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International journal of secure software engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/jsse.2012040103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/jsse.2012040103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks
Understanding the social engineering threat is important in requirements engineering for security-critical information systems. Mal-activity diagrams have been proposed as being better than misuse cases for this purpose, but without any empirical testing. The research question in this study is whether mal-activity diagrams would be more efficient than misuse cases for understanding social engineering attacks and finding prevention measures. After a conceptual comparison of the modelling techniques, a controlled experiment is presented, comparing the efficiency of using the two techniques together with textual descriptions of social engineering attacks. The results were fairly equal, the only significant difference being a slight advantage for mal-activity diagrams concerning perceived ease of use. The study gives new insights into the relative merits of the two techniques, and suggests that the advantage of mal-activity diagrams is smaller than previously assumed. However, more empirical investigations are needed to make detailed conclusions.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
