Social Engineering in Cybersecurity: A Domain Ontology and Knowledge Graph Application Examples

by   Zuoguang Wang, et al.

Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks.



page 1

page 12

page 13

page 14

page 15


Pattern-based Visualization of Knowledge Graphs

We present a novel approach to knowledge graph visualization based on on...

Threat Detection for General Social Engineering Attack Using Machine Learning Techniques

This paper explores the threat detection for general Social Engineering ...

Analysis of Recent Attacks based on Social Engineering Techniques

This paper attempts to strengthen the pursued research on social enginee...

An Ontological Approach to Analysing Social Service Provisioning

This paper introduces ontological concepts required to evaluate and mana...

Towards automation of threat modeling based on a semantic model of attack patterns and weaknesses

This works considers challenges of building and usage a formal knowledge...

Towards Thwarting Social Engineering Attacks

Social engineering attacks represent an increasingly important attack ve...

Ontology Design Facilitating Wikibase Integration – and a Worked Example for Historical Data

Wikibase – which is the software underlying Wikidata – is a powerful pla...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.