Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

보안 위험 평가를 위한 사회공학 공격 그래프 : Social Engineering Attack Graph framework(SEAG)Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG)

Other Titles
Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG)
Authors
김준석강현재김진수김휘강
Issue Date
2018
Publisher
한국컴퓨터정보학회
Keywords
Attack graph; Social engineering; Risk assessment; Network security; APT attack
Citation
한국컴퓨터정보학회논문지, v.23, no.11, pp.75 - 84
Indexed
KCI
Journal Title
한국컴퓨터정보학회논문지
Volume
23
Number
11
Start Page
75
End Page
84
URI
https://scholar.korea.ac.kr/handle/2021.sw.korea/79635
DOI
10.9708/jksci.2018.23.11.075
ISSN
1598-849X
Abstract
Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.
Files in This Item
There are no files associated with this item.
Appears in
Collections
School of Cyber Security > Department of Information Security > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Altmetrics

Total Views & Downloads

BROWSE