Social Engineering in Cybersecurity: A Domain Ontology and Knowledge Graph Application Examples

by   Zuoguang Wang, et al.

Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks.


page 1

page 12

page 13

page 14

page 15


Pattern-based Visualization of Knowledge Graphs

We present a novel approach to knowledge graph visualization based on on...

Ontology-driven Knowledge Graph for Android Malware

We present MalONT2.0 – an ontology for malware threat intelligence <cit....

Analysis of Recent Attacks based on Social Engineering Techniques

This paper attempts to strengthen the pursued research on social enginee...

Detection and Amelioration of Social Engineering Vulnerability in Contingency Table Data using an Orthogonalised Log-linear Analysis

Social Engineering has emerged as a significant threat in cyber security...

An Ontological Approach to Analysing Social Service Provisioning

This paper introduces ontological concepts required to evaluate and mana...

Semantic Property Graph for Scalable Knowledge Graph Analytics

Graphs are a natural and fundamental representation of describing the ac...

Threat Detection for General Social Engineering Attack Using Machine Learning Techniques

This paper explores the threat detection for general Social Engineering ...

Please sign up or login with your details

Forgot password? Click here to reset