Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG) |
Kim, Jun Seok
(Graduate School of Information Security, Korea University)
Kang, Hyunjae (Graduate School of Information Security, Korea University) Kim, Jinsoo (Agency for Defense Development) Kim, Huy Kang (Graduate School of Information Security, Korea University) |
1 | Beckers, Kristian, Leanid Krautsevich, and Artsiom Yautsiukhin. "Analysis of social engineering threats with attack graphs." Data privacy management, autonomous spontaneous security, and security assurance. Springer, Cham, 2015. 216-232. |
2 | Moon, Joo Yeon, et al. "An Attack Graph Model for Dynamic Network Environment" Journal of The Korea Institue of Information Security & Cryptology 28.2 (2018): 485-500. |
3 | Mitnick, Kevin D. and William L. Simon. The art of deception: Controlling the human element of security. John Wiley & Sons, 2011. |
4 | Hadnagy, Christopher. Social engineering: The art of human hacking. John Wiley & Sons, 2010. |
5 | Artz, Michael Lyle. Netspa: A network security planning architecture. Diss. Massachusetts Institute of Technology, 2002. |
6 | Ou, Xinming, Sudhakar Govindavajhala, and Andrew W. Appel. "MulVAL: A Logic-based Network Security Analyzer." USENIX Security Symposium. Vol. 8. 2005. |
7 | Ou, Xinming, Wayne F. Boyer, and Miles A. McQueen. "A scalable approach to attack graph generation." Proceedings of the 13th ACM conference on Computer and communications security. ACM, 2006. |
8 | Ingols, Kyle, Richard Lippmann, and Keith Piwowarski. "Practical attack graph generation for network defense." Computer Security Applications Conference, 2006. ACSAC'06. 22nd Annual. IEEE, 2006. |
9 | Poolsappasit, Nayot, Rinku Dewri, and Indrajit Ray. "Dynamic security risk management using bayesian attack graphs." IEEE Transactions on Dependable and Secure Computing 9.1 (2012): 61-74. DOI |
10 | Wang, Lingyu, et al. "An attack graph-based probabilistic security metric." IFIP Annual Conference on Data and Applications Security and Privacy. Springer, Berlin, Heidelberg, 2008. |
11 | Keramati, Marjan, Ahmad Akbari, and Mahsa Keramati. "CVSS-based security metrics for quantitative analysis of attack graphs." Computer and Knowledge Engineering (ICCKE), 2013 3th International eConference on. IEEE, 2013. |
12 | Ge, Mengmeng, et al. "Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches." Dependable Systems and Networks Workshop (DSN-W), 2017 47th Annual IEEE/IFIP International Conference on. IEEE, 2017. |
13 | Wang, Lingyu, et al. "k-zero day safety: A network security metric for measuring the risk of unknown vulnerabilities." IEEE Transactions on Dependable and Secure Computing 11.1 (2014): 30-44. DOI |
14 | Yusuf, Simon Enoch, et al. "Security Modelling and Analysis of Dynamic Enterprise Networks." Computer and Information Technology (CIT), 2016 IEEE International Conference on. IEEE, 2016. |
15 | Moon, Young Hoon, et al. "Hybrid Attack Path Enumeration System Based on Reputation Scores." Computer and Information Technology (CIT), 2016 IEEE International Conference on. IEEE, 2016. |
16 | Dimkov, Trajce, et al. "Two methodologies for physical penetration testing using social engineering." Proceedings of the 26th annual computer security applications conference. ACM, 2010. |
17 | Ivaturi, Koteswara, and Lech Janczewski. "A taxonomy for social engineering attacks." International Conference on Information Resources Management. Centre for Information Technology, Organizations, and People, 2011. |
18 | Pavkovic, Nikola, and Luka Perkov. "Social Engineering Toolkit-A systematic approach to social engineering." MIPRO, 2011 Proceedings of the 34th International Convention. IEEE, 2011. |
19 | Algarni, Abdullah, et al. "Social engineering in social networking sites: Affect-based model." Internet technology and secured transactions (icitst), 2013 8th international conference for. IEEE, 2013. |
20 | Mouton, Francois, et al. "Social engineering attack framework." Information Security for South Africa (ISSA), 2014. IEEE, 2014. |