Wenjun Fan

Work place: Department of Telematics Engineering, ETSI Telecommunication Technical University of Madrid, Madrid, Spain

E-mail: efan@dit.upm.es

Website:

Research Interests: Information Security, Intrusion Detection System, Network Security, Information Systems, Information Retrieval

Biography

Wenjun Fan is currently a Phd candidate in the Department of Telematics Engineering (DIT) at Technical University of Madrid (UPM) since September 2011. His research areas include network & system security, information security, intrusion detection and response.

Author Articles
Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations

By Wenjun Fan Kevin Lwakatare Rong Rong

DOI: https://doi.org/10.5815/ijcnis.2017.01.01, Pub. Date: 8 Jan. 2017

Social engineering is the attack aimed to manipulate dupe to divulge sensitive information or take actions to help the adversary bypass the secure perimeter in front of the information-related resources so that the attacking goals can be completed. Though there are a number of security tools, such as firewalls and intrusion detection systems which are used to protect machines from being attacked, widely accepted mechanism to prevent dupe from fraud is lacking. However, the human element is often the weakest link of an information security chain, especially, in a human-centered environment. In this paper, we reveal that the human psychological weaknesses result in the main vulnerabilities that can be exploited by social engineering attacks. Also, we capture two essential levels, internal characteristics of human nature and external circumstance influences, to explore the root cause of the human weaknesses. We unveil that the internal characteristics of human nature can be converted into weaknesses by external circumstance influences. So, we propose the I-E based model of human weakness for social engineering investigation. Based on this model, we analyzed the vulnerabilities exploited by different techniques of social engineering, and also, we conclude several defense approaches to fix the human weaknesses. This work can help the security researchers to gain insights into social engineering from a different perspective, and in particular, enhance the current and future research on social engineering defense mechanisms.

[...] Read more.
Other Articles