
Journal of Information Security: Latest Articles

A Secure Image Steganography Using Advanced Encryption Standard and Discrete Cosine Transform
Pub Date : 2019-06-14 DOI: 10.4236/JIS.2019.103007
Ashraful Tauhid, M. Tasnim, Saima Noor, Nuruzzaman Faruqui, M. Yousuf
Cryptography and Steganography are two prominent techniques to obtain secure communication over the shared media like the Internet. Steganography is slightly ahead of cryptography because of its stealthy characteristics. In this paper, a new method has been proposed which combines cryptography and steganography to ensure even more secure communication. The Advanced Encryption Standard (AES) in spatial domain of the carrier/cover image and Least Significant Bit (LSB) replacement in the transformed domain of the same image has been used after performing a Discrete Cosine Transform (DCT) on the pixels. An additional layer of security has been introduced by applying XOR operation on the AES encrypted message with the pixel values of the carrier image. The Peak Signal to Noise Ratio (PSNR) of the proposed algorithm is better than most of the similar algorithms. With better PSNR, the proposed method depicts a three layer of security of the information and error free decryption.
Citations: 12
Android Security and Its Rooting—A Possible Improvement of Its Security Architecture
Pub Date : 2019-04-01 DOI: 10.4236/JIS.2019.102005
Nick Rahimi, J. Nolen, B. Gupta
The advent of technology brought forth a myriad of developments that have streamlined the manner through which people operate. With the growing need to be at the forefront of communication and information, people have resorted to the use of mobile phones with a great percentile preferring android oriented systems. Similarly, the systems are susceptible to the various threats posed by technology with due summations showing that security flaws and unauthorized access to sensitive data pose a huge threat to the overarching efficacy of the android systems. The research presented lays a primal focus on how users can improve intrinsic android features through the use of Google services, rooting, custom kernels and ROM techniques. The research also focused on how Android security features can be improved when using or installing applications. Results indicate that the rooting process is the most conclusive and safest scheme. Summations drawn are indicative of the fact that system security is a moot research topic that requires further research into how it can be improved.
Citations: 7
Associated Risks in Mobile Applications Permissions
Pub Date : 2019-03-26 DOI: 10.4236/JIS.2019.102004
Mohammed Al Jutail, M. Al-Akhras, Abdulaziz A. Albesher
Mobile applications affect user’s privacy based on the granted application’s permissions as attackers exploit mobile application permissions in Android and other mobile operating systems. This research divides permissions based on Google’s classification of dangerous permissions into three groups. The first group contains the permissions that can access user’s private data such as reading call log. The second group contains the permissions that can modify user’s data such as modifying the numbers in contacts. The third group contains the remaining permissions which can track the location, and use the microphone and other sensitive issues that can spy on the user. This research is supported by a study that was conducted on 100 participants in Saudi Arabia to show the level of users’ awareness of associated risks in mobile applications permissions. Associations among the collected data are also analyzed. This research fills the gap in user’s awareness by providing best practices in addition to developing a new mobile application to help users decide whether an application is safe to be installed and used or not. This application is called “Sparrow” and is available in Google Play Store.
Citations: 4
Security of Password Hashing in Cloud
Pub Date : 2019-02-28 DOI: 10.4236/jis.2019.102003
P. Kamal
Though the History of using password in computing can be traced back to as far as mid of last century little focus has been implied on how to securely store and retrieve password to authenticate and authorize services to the end users. In this paper the current security of various password hashing schemes that are in use today will be investigated through practical proof of concept-GPU based, password hash dump cracking using the power of cloud computing. We will be providing comparison on different password hashing cracking time using the cloud GPU power in AWS. The focus of this paper is to show the possible use of cloud computing in cracking hash dumps and the way to countermeasures them by using secure hashing algorithm and using complex passwords.
Citations: 5
The Hazards of Misusing the Smart Contract: An AHP Approach to Its Risk
Pub Date : 2019-01-23 DOI: 10.4236/jis.2019.101002
Romulo Luciano
This article explores four critical groups of systematic risk embedded in smart contract employment using the analytic hierarchy process (AHP). The four principal risk analysis groups include: 1) transparency in the light of corporate governance 2) IT security 3) contract management automation and 4) legality. The AHP assists both decision-makers and stakeholders alike in the evaluation process essential for identifying potential technological constraints posed within a permissioned blockchain environment using peer-to-peer format in the absence of digital currency. Based upon critical assessment, the AHP methodology enables pairwise comparisons among different features and consequently increases the knowledge regarding these attributes in light of the software’s risk assessment.
Citations: 4
Implementation of Network Intrusion Detection System Using Soft Computing Algorithms (Self Organizing Feature Map and Genetic Algorithm)
Pub Date : 2019-01-01 DOI: 10.4236/JIS.2019.101001
J. T. Hounsou, Thierry Nsabimana, Jules Degila
In today’s world, computer network is evolving very rapidly. Most public or/and private companies set up their own local networks system for the purpose of promoting communication and data sharing within the companies. Unfortunately, their data and local networks system are under risks. With the advanced computer networks, the unauthorized users attempt to access their local networks system so as to compromise the integrity, confidentiality and availability of resources. Multiple methods and approaches have to be applied to protect their data and local networks system against malicious attacks. The main aim of our paper is to provide an intrusion detection system based on soft computing algorithms such as Self Organizing Feature Map Artificial Neural Network and Genetic Algorithm to network intrusion detection system. KDD Cup 99 and 1998 DARPA dataset were employed for training and testing the intrusion detection rules. However, GA’s traditional Fitness Function was improved in order to evaluate the efficiency and effectiveness of the algorithm in classifying network attacks from KDD Cup 99 and 1998 DARPA dataset. SOFM ANN and GA training parameters were discussed and implemented for performance evaluation. The experimental results demonstrated that SOFM ANN achieved better performance than GA, where in SOFM ANN high attack detection rate is 99.98%, 99.89%, 100%, 100%, 100% and low false positive rate is 0.01%, 0.1%, 0%, 0%, 0% for DoS, R2L, Probe, U2R attacks, and Normal traffic respectively.
Citations: 2
Ontology-Based Cyber Security Policy Implementation in Saudi Arabia
Pub Date : 2018-10-26 DOI: 10.4236/jis.2018.94021
A. M. Talib, Fahad Omar Alomary, H. Alwadi, Rawan Albusayli
Cyber security is an important element of national security and the safekeeping of a nation’s constituency and assets. In Saudi Arabia, the point of interest on cyber security is particularly outstanding due to the fact that Saudi Arabia has a highly cyber attacks all over the Arab countries. This paper displays on contemporary studies done in Saudi Arabia in regards to cyber security policy coverage. The point of interest of this paper is the use of ontology to identify and suggest a formal, encoded description of the cyber security strategic environment, and propose the development of ontology to be able to permit the implementation of the sort of policy. The intention of the ontology is to become aware of and constitute the multi-layered company of gamers and their related roles and obligations within the cyber security environment. This could make contributions in large part to the improvement, implementation and rollout of a country wide cyber security policy in Saudi Arabia.
Citations: 9
SecSPS: A Secure and Privacy-Preserving Framework for Smart Parking Systems
Pub Date : 2018-10-15 DOI: 10.4236/JIS.2018.94020
Ali Alqazzaz, Ibrahim Alrashdi, E. Aloufi, M. Zohdy, Hua Ming
Smart parking systems are a crucial component of the “smart city” concept, especially in the age of the Internet of Things (IoT). They aim to take the stress out of finding a vacant parking spot in city centers, due to the increasing number of cars, especially during peak hours. To realize the concept of smart parking, IoT-enabling technologies must be utilized, as the traditional way of developing smart parking solutions entails a lack of scalability, compatibility with IoT-constrained devices, security, and privacy awareness. In this paper, we propose a secure and privacy-preserving framework for smart parking systems. The framework relies on the publish/subscribe communication model for exchanging a huge volume of data with a large number of clients. On one hand, it provides functional services, including parking vacancy detection, real-time information for drivers about parking availability, driver guidance, and parking reservation. On the other hand, it provides security approaches on both the network and application layers. In addition, it supports mutual authentication mechanisms between entities to ensure device/ data authenticity, and provide security protection for users. That makes our proposed framework resilient to various types of security attacks, such as replay, phishing, and man-in-the-middle attacks. Finally, we analyze the performance of our framework, which is suitable for IoT devices, in terms of computation and network overhead.
Citations: 13
Generating Rule-Based Signatures for Detecting Polymorphic Variants Using Data Mining and Sequence Alignment Approaches
Pub Date : 2018-10-11 DOI: 10.4236/JIS.2018.94019
Vijay Naidu, Jacqueline L. Whalley, A. Narayanan
Antiviral software systems (AVSs) have problems in detecting polymorphic variants of viruses without specific signatures for such variants. Previous alignment-based approaches for automatic signature extraction have shown how signatures can be generated from consensuses found in polymorphic variant code. Such sequence alignment approaches required variable length viral code to be extended through gap insertions into much longer equal length code for signature extraction through data mining of consensuses. Non-nested generalized exemplars (NNge) are used in this paper in an attempt to further improve the automatic detection of polymorphic variants. The important contribution of this paper is to compare a variable length data mining technique using viral source code to the previously used equal length data mining technique obtained through sequence alignment. This comparison was achieved by conducting three different experiments (i.e. Experiments I-III). Although Experiments I and II generated unique and effective syntactic signatures, Experiment III generated the most effective signatures with an average detection rate of over 93%. The implications are that future, syntactic-based smart AVSs may be able to generate effective signatures automatically from malware code by adopting data mining and alignment techniques to cover for both known and unknown polymorphic variants and without the need for semantic (run-time) analysis.
Citations: 5
Social Engineering Threat and Defense: A Literature Survey
Pub Date : 2018-09-18 DOI: 10.4236/JIS.2018.94018
Islam Abdalla Mohamed Abass
This article surveys the literature on social engineering. There are lots of security applications and hardware in the market; still, there are several methods that can be used to breach the information security defenses of an organization or individual. Social engineering attacks are interested in gaining information that may be used to carry out actions such as identity theft, stealing passwords or gaining information for another type of attack. The threat lies with the combination of social engineering with other types of attacks like Phishing and Watering hole attacks, which makes it hard to defend against. This research aims to investigate the impact of modern Social Engineering on the organization or individual. It describes the categories of Social Engineering, and how the attacker takes advantage of human behavior. At the same time, I also discuss the direct and indirect attack of social engineering and the defense mechanism against this attack.
Citations: 25