Social engineering has emerged as a significant threat in cyber security. In a dialog-based attack, a social engineer who has enough of a potential victim's personal data to be convincing impersonates the victim in order to manipulate the attack's target into revealing sufficient information for accessing the victim's accounts etc. We utilise the developing understanding of human information processing in the Information Sciences to characterise the vulnerability of the target to manipulation and to propose a form of countermeasure. Our focus is on the possibility of the social engineer being able to build the victim's profile by, in part, inferring personal attribute values from statistical information available either informally, from general knowledge, or, more formally, from some public database. We use an orthogonalised log-linear analysis of data in the form of a contingency table to develop a measure of how susceptible particular subtables are to probabilistic inference, as the basis for our proposed countermeasure. This measure is based on the observation that inference relies on a high degree of non-uniformity, and it exploits the orthogonality of the analysis so that it can be defined in terms of subspace projections.
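The abstract does not state the measure itself, so the following is an added illustration and not the paper's own formula or code: it applies the standard orthogonal decomposition of a two-way table's log-counts (constant, row effect, column effect, interaction) and reports the squared norm of each projection as a non-uniformity score. The function names and all table values are constructed for this example, and every cell count is assumed to be positive.

```python
import math

def projections(table):
    """Squared norms of the log-counts projected onto the row-effect,
    column-effect and interaction subspaces of an I x J table.
    The constant subspace is the uniform baseline and is excluded."""
    I, J = len(table), len(table[0])
    L = [[math.log(n) for n in row] for row in table]  # assumes counts > 0
    mu = sum(map(sum, L)) / (I * J)                    # constant component
    a = [sum(L[i]) / J - mu for i in range(I)]         # row main effects
    b = [sum(L[i][j] for i in range(I)) / I - mu for j in range(J)]
    inter = sum((L[i][j] - mu - a[i] - b[j]) ** 2
                for i in range(I) for j in range(J))
    return {"row": J * sum(x * x for x in a),
            "col": I * sum(x * x for x in b),
            "interaction": inter}

def nonuniformity(table):
    """Squared distance of the log-counts from the uniform subspace.
    By orthogonality it is the sum of the three projection norms."""
    return sum(projections(table).values())

# Constructed sample subtables (rows: attribute A, columns: attribute B).
UNIFORM = [[50, 50, 50], [50, 50, 50]]         # nothing to infer
INDEPENDENT = [[10, 20, 40], [30, 60, 120]]    # skewed margins, no association
ASSOCIATED = [[90, 10, 5], [5, 10, 90]]        # knowing A nearly reveals B

if __name__ == "__main__":
    for name, t in [("uniform", UNIFORM), ("independent", INDEPENDENT),
                    ("associated", ASSOCIATED)]:
        parts = projections(t)
        print(name, {k: round(v, 3) for k, v in parts.items()},
              "total", round(nonuniformity(t), 3))
```

A large interaction term flags a subtable where one attribute value can be inferred from another, while large row or column terms flag attributes whose values can be guessed from the margins alone.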