A comprehensive survey on social engineering attacks, countermeasures, case study, and research challenges

IF 7.4 1区管理学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Information Processing & Management Pub Date : 2024-10-30 DOI:10.1016/j.ipm.2024.103928

Tejal Rathod , Nilesh Kumar Jadav , Sudeep Tanwar , Abdulatif Alabdulatif , Deepak Garg , Anupam Singh

{"title":"A comprehensive survey on social engineering attacks, countermeasures, case study, and research challenges","authors":"Tejal Rathod , Nilesh Kumar Jadav , Sudeep Tanwar , Abdulatif Alabdulatif , Deepak Garg , Anupam Singh","doi":"10.1016/j.ipm.2024.103928","DOIUrl":null,"url":null,"abstract":"<div><div>Social engineering attacks are inevitable and imperil the integrity, security, and confidentiality of the information used on social media platforms. Prominent technologies, such as blockchain, artificial intelligence (AI), and proactive access controls, were adopted in the literature to confront the social engineering attacks on social media. Nevertheless, a comprehensive survey on this topic is notably absent from the current body of research. Inspired by that, we propose an exhaustive survey comprising an in-depth analysis of 10 distinct social engineering attacks with their real-time scenarios. Furthermore, a detailed solution taxonomy is presented, offering valuable insights (e.g., objective, methodology, and results) to tackle social engineering attacks effectively. Based on the solution taxonomy, we propose an AI and blockchain-based malicious uniform resource locator (URL) detection framework (as a case study) to confront social engineering attacks on the Meta platform. For that, a standard dataset is utilized, which comprises 12 different datasets containing 3980870 malicious and non-malicious URLs. To classify URLs, a binary classification problem is formulated and solved by using different AI classifiers, such as Naive Bayes (NB), decision tree (DT), support vector machine (SVM), and boosted tree (BT). The non-malicious URLs are forwarded to the blockchain network to ensure secure storage, strengthening the effectiveness of the malicious URL detection framework. The proposed framework is evaluated with baseline approaches, wherein the NB achieves noteworthy training accuracy, i.e., 76.87% and training time of (8.23 (s)). Additionally, interplanetary file system (IPFS)-based blockchain achieves a remarkable response time, i.e., (0.245 (ms)) compared to the conventional blockchain technology. We also used execution cost and smart contract vulnerability assessment using Slither to showcase the outperformance of blockchain technology. Lastly, we shed light on the open issues and research challenges of social engineering attacks where research gaps still exist and require further investigation.</div></div>","PeriodicalId":50365,"journal":{"name":"Information Processing & Management","volume":null,"pages":null},"PeriodicalIF":7.4000,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Processing & Management","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0306457324002875","RegionNum":1,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Social engineering attacks are inevitable and imperil the integrity, security, and confidentiality of the information used on social media platforms. Prominent technologies, such as blockchain, artificial intelligence (AI), and proactive access controls, were adopted in the literature to confront the social engineering attacks on social media. Nevertheless, a comprehensive survey on this topic is notably absent from the current body of research. Inspired by that, we propose an exhaustive survey comprising an in-depth analysis of 10 distinct social engineering attacks with their real-time scenarios. Furthermore, a detailed solution taxonomy is presented, offering valuable insights (e.g., objective, methodology, and results) to tackle social engineering attacks effectively. Based on the solution taxonomy, we propose an AI and blockchain-based malicious uniform resource locator (URL) detection framework (as a case study) to confront social engineering attacks on the Meta platform. For that, a standard dataset is utilized, which comprises 12 different datasets containing 3980870 malicious and non-malicious URLs. To classify URLs, a binary classification problem is formulated and solved by using different AI classifiers, such as Naive Bayes (NB), decision tree (DT), support vector machine (SVM), and boosted tree (BT). The non-malicious URLs are forwarded to the blockchain network to ensure secure storage, strengthening the effectiveness of the malicious URL detection framework. The proposed framework is evaluated with baseline approaches, wherein the NB achieves noteworthy training accuracy, i.e., 76.87% and training time of (8.23 (s)). Additionally, interplanetary file system (IPFS)-based blockchain achieves a remarkable response time, i.e., (0.245 (ms)) compared to the conventional blockchain technology. We also used execution cost and smart contract vulnerability assessment using Slither to showcase the outperformance of blockchain technology. Lastly, we shed light on the open issues and research challenges of social engineering attacks where research gaps still exist and require further investigation.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

关于社会工程学攻击、对策、案例研究和研究挑战的全面调查

社交工程攻击是不可避免的，它危及社交媒体平台上所使用信息的完整性、安全性和保密性。文献中采用了区块链、人工智能（AI）和主动访问控制等著名技术来应对社交媒体上的社交工程攻击。然而，目前的研究成果中明显缺乏对这一主题的全面调查。受此启发，我们提出了一份详尽的调查报告，其中包括对 10 种不同社交工程攻击及其实时场景的深入分析。此外，我们还提出了详细的解决方案分类法，为有效解决社会工程学攻击提供了有价值的见解（如目标、方法和结果）。基于解决方案分类法，我们提出了一个基于人工智能和区块链的恶意统一资源定位器（URL）检测框架（作为案例研究），以应对 Meta 平台上的社交工程攻击。为此，我们使用了一个标准数据集，其中包括 12 个不同的数据集，包含 3980870 个恶意和非恶意 URL。为了对 URL 进行分类，制定了一个二元分类问题，并使用不同的人工智能分类器（如 Naive Bayes (NB)、决策树 (DT)、支持向量机 (SVM) 和助推树 (BT)）加以解决。非恶意 URL 被转发到区块链网络以确保安全存储，从而加强了恶意 URL 检测框架的有效性。所提出的框架与基线方法进行了评估，其中 NB 的训练准确率达到了值得注意的水平，即 76.87%，训练时间为（8.23 (s)）。此外，与传统的区块链技术相比，基于星际文件系统（IPFS）的区块链实现了显著的响应时间，即（0.245 (ms)）。我们还利用 Slither 进行了执行成本和智能合约漏洞评估，以展示区块链技术的优越性能。最后，我们揭示了社会工程学攻击的公开问题和研究挑战，这些问题和挑战仍存在研究空白，需要进一步研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Information Processing & Management 工程技术-计算机：信息系统

CiteScore

17.00

自引率

11.60%

发文量

276

审稿时长

39 days

期刊介绍： Information Processing and Management is dedicated to publishing cutting-edge original research at the convergence of computing and information science. Our scope encompasses theory, methods, and applications across various domains, including advertising, business, health, information science, information technology marketing, and social computing. We aim to cater to the interests of both primary researchers and practitioners by offering an effective platform for the timely dissemination of advanced and topical issues in this interdisciplinary field. The journal places particular emphasis on original research articles, research survey articles, research method articles, and articles addressing critical applications of research. Join us in advancing knowledge and innovation at the intersection of computing and information science.