Social Engineering Based Security Requirements Elicitation Model for Advanced Persistent Threats

  • Conference paper
Requirements Engineering for Internet of Things (APRES 2017)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 809)

Abstract

APT attacks are increasing every year, and these attacks begin with social engineering. Blocking social engineering attacks therefore makes it possible to prevent APT attacks in advance. In this study, we define the human factors that greatly influence social engineering attacks, and we model the relationships among human vulnerability, social engineering attacks and security requirements so that appropriate security requirements can be obtained.

Acknowledgement

This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2017R1D1A1B03034279).

This research was supported by the MIST (Ministry of Science and ICT), Korea, under the National Program for Excellence in SW supervised by the IITP (Institute for Information & communications Technology Promotion) (20150009080031001).

Author information

Correspondence to Seung-Jun Kim or Seok-Won Lee.

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Kim, SJ., Lee, SW. (2018). Social Engineering Based Security Requirements Elicitation Model for Advanced Persistent Threats. In: Kamalrudin, M., Ahmad, S., Ikram, N. (eds) Requirements Engineering for Internet of Things. APRES 2017. Communications in Computer and Information Science, vol 809. Springer, Singapore. https://doi.org/10.1007/978-981-10-7796-8_3

  • DOI: https://doi.org/10.1007/978-981-10-7796-8_3

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-7795-1

  • Online ISBN: 978-981-10-7796-8

  • eBook Packages: Computer Science, Computer Science (R0)
