@article{ART002406755},
author={Kim Jun Seok and Hyunjae Kang and Jinsoo Kim and Huy-Kang Kim},
title={Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG)},
journal={Journal of The Korea Society of Computer and Information},
issn={1598-849X},
year={2018},
volume={23},
number={11},
pages={75-84},
doi={10.9708/jksci.2018.23.11.075}
TY - JOUR
AU - Kim Jun Seok
AU - Hyunjae Kang
AU - Jinsoo Kim
AU - Huy-Kang Kim
TI - Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG)
JO - Journal of The Korea Society of Computer and Information
PY - 2018
VL - 23
IS - 11
PB - The Korean Society Of Computer And Information
SP - 75
EP - 84
SN - 1598-849X
AB - Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually.
Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.
KW - Attack graph;Social engineering;Risk assessment;Network security;APT attack
DO - 10.9708/jksci.2018.23.11.075
ER -
Kim Jun Seok, Hyunjae Kang, Jinsoo Kim and Huy-Kang Kim. (2018). Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG). Journal of The Korea Society of Computer and Information, 23(11), 75-84.
Kim Jun Seok, Hyunjae Kang, Jinsoo Kim and Huy-Kang Kim. 2018, "Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG)", Journal of The Korea Society of Computer and Information, vol.23, no.11 pp.75-84. Available from: doi:10.9708/jksci.2018.23.11.075
Kim Jun Seok, Hyunjae Kang, Jinsoo Kim, Huy-Kang Kim "Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG)" Journal of The Korea Society of Computer and Information 23.11 pp.75-84 (2018) : 75.
Kim Jun Seok, Hyunjae Kang, Jinsoo Kim, Huy-Kang Kim. Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG). 2018; 23(11), 75-84. Available from: doi:10.9708/jksci.2018.23.11.075
Kim Jun Seok, Hyunjae Kang, Jinsoo Kim and Huy-Kang Kim. "Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG)" Journal of The Korea Society of Computer and Information 23, no.11 (2018) : 75-84.doi: 10.9708/jksci.2018.23.11.075
Kim Jun Seok; Hyunjae Kang; Jinsoo Kim; Huy-Kang Kim. Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG). Journal of The Korea Society of Computer and Information, 23(11), 75-84. doi: 10.9708/jksci.2018.23.11.075
Kim Jun Seok; Hyunjae Kang; Jinsoo Kim; Huy-Kang Kim. Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG). Journal of The Korea Society of Computer and Information. 2018; 23(11) 75-84. doi: 10.9708/jksci.2018.23.11.075
Kim Jun Seok, Hyunjae Kang, Jinsoo Kim, Huy-Kang Kim. Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG). 2018; 23(11), 75-84. Available from: doi:10.9708/jksci.2018.23.11.075
Kim Jun Seok, Hyunjae Kang, Jinsoo Kim and Huy-Kang Kim. "Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG)" Journal of The Korea Society of Computer and Information 23, no.11 (2018) : 75-84.doi: 10.9708/jksci.2018.23.11.075