Defining Social Engineering in Cybersecurity
Social engineering has posed a serious security threat to infrastructure, user, data and operations of cyberspace. Nevertheless, there are many conceptual deficiencies (such as inconsistent conceptual intensions, a vague conceptual boundary, confusing instances, overgeneralization and abuse) of the...
Main Authors: | Zuoguang Wang, Limin Sun, Hongsong Zhu |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/9087851/ |
_version_ | 1819175878736740352 |
---|---|
author | Zuoguang Wang; Limin Sun; Hongsong Zhu |
collection | DOAJ |
description | Social engineering has posed a serious security threat to infrastructure, user, data and operations of cyberspace. Nevertheless, there are many conceptual deficiencies (such as inconsistent conceptual intensions, a vague conceptual boundary, confusing instances, overgeneralization and abuse) of the term making serious negative impacts on the understanding, analysis and defense of social engineering attacks. In this paper, an in-depth literature survey is conducted, the original meaning of social engineering in cybersecurity is traced, the conceptual evolution and technical development are analysed systematically, and the conceptual problems are discussed. Based on above work, this paper attempts to address these conceptual deficiencies by proposing a more compatible and precise definition of social engineering in cybersecurity (SEiCS). This definition eliminates the conceptual inconsistencies, covers the mainstream conceptual connotations, clarifies the conceptual boundary, mitigates the overgeneralization and abuse, etc. Five analysis tables (i.e., the comparative analysis of the SEiCS definition vs. mainstream conceptual intensions in the conceptual evolution, the comparative analysis of the SEiCS definition vs. typical definitions in the literature, the analysis of confusing “social engineering cases”, the analysis of popular social engineering attack scenarios, and the analysis of social-engineering-based attacks) are provided to illustrate the performance of the proposed definition. |
first_indexed | 2024-12-22T21:01:52Z |
format | Article |
id | doaj.art-6a27fbbdb05d474b820e16ff1094bd45 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-22T21:01:52Z |
publishDate | 2020-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-6a27fbbdb05d474b820e16ff1094bd45; 2022-12-21T18:12:48Z; eng; IEEE; IEEE Access; ISSN 2169-3536; 2020-01-01; vol. 8, pp. 85094-85115; DOI 10.1109/ACCESS.2020.2992807; 9087851; Defining Social Engineering in Cybersecurity; Zuoguang Wang (https://orcid.org/0000-0002-1982-5657), Limin Sun, Hongsong Zhu; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China; https://ieeexplore.ieee.org/document/9087851/ |
title | Defining Social Engineering in Cybersecurity |
topic | Definition; social engineering; cyberspace; security; term and conception; history and origin |
url | https://ieeexplore.ieee.org/document/9087851/ |