Research On Social Engineering Theory And Key Technologies In Cyberspace Security

Nowadays,with the rapid development of mobile communication network and Internet,the traditional form of fraud has evolved into a new type of cyber attack,called "social engineering".Social engineering in Cyberspace Security centers on the core element "human",which extends the traditional network attacks in physical domain and information domain to those in cognitive domain and social domain.The existing researches of social engineering mainly focuses on the detection methods of typical attack forms such as phishing and telecommunication fraud.There are also a few researches related to the theory of social engineering model.However,there is no discussion on the cognitive and social domain characteristics of social engineering.In this paper,a series of researches have been carried out around social engineering toward cognitive domain,from the theory of social engineering model to the key technologies in social engineering,such as identification authentication and attack detection.The research results promote the understanding of the process of social engineering toward cognitive domain,and provide theoretical and methodological support for social engineering defense.The main contributions of this paper are as follows.(1)A new social engineering framework involving the concept of session and dialogue is proposed in this paper.There are a few existing researches on social engineering models,which lack of discussion on the continuity of social engineering attacks,lack of consideration of combination with traditional attacks,and lack of refining the cognitive domain elements of social engineering.In the proposed model,a complete social engineering attack(Social engineering session,SES)is described as an orderly combination of multiple social engineering atomic attacks(Social engineering dialogue,SED).The stage outputs of social engineering atomic attacks and their interconnection are discussed in detail.Additionally,the model combines traditional attacks with social engineering attacks in the division of attack stage.Then,the model is formally described using an attack graph model,which highly abstracts the elements of social engineering attack,especially the cognitive domain elements.Finally,the model is explained by some typical social engineering cases.(2)An identification authentication method for social engineering is proposed in this paper.Identification authentication is the key step to establish a connection between an attacker and a target in social engineering.According to reviews on the process of identification authentication in social engineering,this paper proposes an identification authentication model in social engineering with detail descriptions of the main elements.By analyzing identification threats in social engineering attack,this paper proposes an identification authentication method in social engineering,which includes the assessment method of breakthrough ability,user authentication method and human-computer authentication method for social engineering identification threats.Finally,the proposed method is analyzed and validated by typical social engineering cases and open datasets.(3)A social engineering detection method for attack process is proposed.The current social engineering detection methods lack of analysis and application of the essential characteristics of attack process.Based on the analysis of social engineering attack process,the paper proposes a feature framework of social engineering attack process,which is composed of basic layer,logic layer and cognition layer.Then,a social engineering detection method for attack process is described based on the feature framework.SMS phishing detection is applied as a typical form of social engineering attack.According to the proposed method,three types of features are extracted,including token features(basic layer),topic features(logic layer)and Linguistic Inquiry and Word Count(LIWC)features(cognition layer).Over sampling and feature optimization methods are used to solve the problems of data imbalance and feature optimization in the detection of phishing messages.Finally,the proposed method is validated on an open dataset.