Social Engineering in Cybersecurity: A Domain Ontology and Knowledge Graph Application Examples
This work addresses the problem of understanding and mitigating social engineering attacks for cybersecurity professionals, but it is incremental as it applies existing ontology and knowledge graph methods to this domain.
The paper developed a domain ontology with 11 concepts and 22 relations for social engineering in cybersecurity, and built a knowledge graph from 15 attack incidents, demonstrating its utility in six analysis patterns for understanding and identifying threats.
Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks.