Zaporozhchenko M.M. Methods of predicting social engineering attacks on corporate information systems based on the userʼs security profile. – Qualifying scientific work on manuscript rights.
Dissertation for obtaining the scientific degree of Doctor of Philosophy in specialty 125 “Cybersecurity”. – State University of Information and Communication Technologies, MES of Ukraine, Kyiv, 2024.
Social engineering attacks remain one of the critical threats to organizations due to the exploitation of the human factor as a key vulnerability. An analysis of current approaches to detecting and predicting social engineering attacks has revealed their fragmentation, as most models focus only on certain aspects of protection (technical, organizational) or user indicators (demographic, psychological, behavioral), without taking into account the interconnections and influence of external conditions. This limitation can lead to unreliable forecasts and insufficient effectiveness in countering attacks. In addition, modern methods often require significant resources and large amounts of data, which makes it difficult to implement them in organizations with limited capabilities.
Thus, there is an urgent need to address the ongoing scientific task of developing an integrative method for predicting social engineering attacks on corporate information systems, based on a comprehensive model of the user's security profile.
The purpose of the study is to increase the level of security of corporate information systems against social engineering attacks based on vulnerability prediction by creating a user security profile.
In the course of achieving this purpose and solving the scientific task, the following main scientific results were obtained:
for the first time, a comprehensive user security profile model has been developed as the basis of an integrative method for predicting social engineering attacks on corporate information systems; it is built on a multiplicative convolution of the assessed psychological, organizational and technical factors and the information influence factor in the context of a particular user, which makes it possible to determine the potential vulnerability of the organization's users to social engineering attacks;
the method for assessing the components of the user's security profile has been improved; it differs from the basic approach, based on the hierarchy analysis method (analytic hierarchy process), by using a dynamically changing set of indicators, which provides a comprehensive and adaptive assessment of the impact of security profile factors on the level of user vulnerability, taking into account changes in users' individual characteristics and the specifics of the organizational environment;
the method for identifying the most likely trajectories of social engineering attacks has been improved; it differs from known approaches by using a graph model of interaction between users of a corporate information system that takes into account the types and intensity of their communication links, which makes it possible to identify the most vulnerable users and determine the critical trajectories of multi-stage social engineering attacks in order to assess the risk of compromising the corporate information system.
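The following illustration, added here and not taken from the dissertation, shows how the two ideas above fit together: a weighted multiplicative convolution of per-user factor scores yields a vulnerability estimate, and a directed graph of communication links then yields the most probable multi-stage trajectory from an entry user to a target. The factor scores, weights, link intensities and the hop-success model are constructed assumptions for the example, not the author's formulas.

```python
import heapq
import math

# Constructed sample data (not from the dissertation). Factor scores lie in (0, 1];
# higher means the user is more susceptible on that factor.
USERS = {
    "alice": {"psych": 0.6, "org": 0.5, "tech": 0.4, "info": 0.7},
    "bob":   {"psych": 0.3, "org": 0.4, "tech": 0.2, "info": 0.3},
    "carol": {"psych": 0.8, "org": 0.7, "tech": 0.6, "info": 0.9},
    "dave":  {"psych": 0.2, "org": 0.3, "tech": 0.3, "info": 0.2},
}
# Assumed factor weights (as a pairwise-comparison/AHP step would produce); they sum to 1.
WEIGHTS = {"psych": 0.35, "org": 0.25, "tech": 0.2, "info": 0.2}
# Constructed directed communication links: (from, to, intensity in (0, 1]).
LINKS = [("carol", "alice", 0.9), ("alice", "bob", 0.6), ("carol", "dave", 0.3),
         ("dave", "bob", 0.8), ("alice", "dave", 0.4)]


def vulnerability(factors, weights=WEIGHTS):
    """Weighted multiplicative convolution of the factor scores: prod(f_i ** w_i)."""
    return math.prod(factors[k] ** weights[k] for k in weights)


def rank_users(users=USERS):
    """Most vulnerable users first, as (score, user) pairs."""
    return sorted(((vulnerability(f), u) for u, f in users.items()), reverse=True)


def most_likely_trajectory(entry, target, users=USERS, links=LINKS):
    """Assumed hop model: hop src->dst succeeds with p = intensity * vulnerability(dst); the
    entry user falls with p = vulnerability(entry). Dijkstra on -log(p) maximises the product."""
    vuln = {u: vulnerability(f) for u, f in users.items()}
    graph = {u: [] for u in users}
    for src, dst, intensity in links:
        graph[src].append((dst, intensity * vuln[dst]))
    best, prev = {entry: -math.log(vuln[entry])}, {}
    heap = [(best[entry], entry)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == target:
            break
        for nxt, p in graph[node]:
            new_cost = cost - math.log(p)  # lower cost == higher joint probability
            if new_cost < best.get(nxt, math.inf):
                best[nxt], prev[nxt] = new_cost, node
                heapq.heappush(heap, (new_cost, nxt))
    if target not in best:
        return None, 0.0  # target unreachable from this entry point
    path = [target]
    while path[-1] != entry:
        path.append(prev[path[-1]])
    return path[::-1], math.exp(-best[target])
```

With the constructed data, carol ranks as the most vulnerable user and the most probable route to bob runs carol -> alice -> bob rather than through dave, which is where a defender would first apply countermeasures.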
The practical significance of the results is that the developed method for predicting social engineering attacks on corporate information systems makes it possible to assess the probability of user compromise, identify the most vulnerable categories of users and implement targeted countermeasures, which increases the level of corporate information system security. Based on the method, criteria for assessing the psychological, organizational, technical and information influence factors are proposed, which cybersecurity specialists can use to develop adaptive strategies for countering social engineering threats. As a result of implementing the recommended countermeasures, the level of protection against one-stage social engineering attacks improved in the range from 10.3% to 42.8% for different categories of users, and the overall reduction in the likelihood of compromise through multi-stage attacks averaged 21% (from 19% to 24.3%).
Keywords: social engineering attack, information system, attack prediction, user vulnerability assessment, graph model, information influence, mathematical model, threat actor, multi-stage attack, attack trajectory, cybersecurity, cyberspace, decision making, social networks.