This document discusses case studies on using social engineering techniques to spread spyware on Linux systems. In three case studies, the authors were able to use social engineering to successfully install a spyware program on Linux systems 100% of the time by exploiting users' interests and trust. The document advocates for user education as the best prevention against social engineering attacks, as software defenses cannot prevent attacks targeting human psychology.
Automatic Detection of Social Engineering Attacks Using Dialogiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...CSCJournals
Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. While there are a number of research articles that study the tactics, techniques and procedures employed by phishers in the literature, in this paper, we present a theoretical yet practical model to study this menacing threat in a formal manner. While it is common folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model attempts to capture a phishing attack in terms of this indistinguishability between the natural and phishing message probability distributions. We view the actions performed by a phisher as an attempt to create messages that are indistinguishable to the victim from that of “normal” messages. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical framework and offers a new perspective to analyze this threat. We propose metrics to analyze the success probability of a phishing attack taking into account the input used by a phisher and the work involved in creating deceptive email messages. Finally, we study and apply our model to a new class of phishing attacks called collaborative spear phishing that is gaining momentum. Recent examples include Operation Woolen-Goldfish in 2015, Rocket Kitten in 2014 and Epsilon email breach in 2011. We point out fundamental flaws in the current email-based marketing business model which enables such targeted spear phishing collaborative attacks. In this sense, our study is very timely and presents new and emerging trends in phishing.
USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING ijmvsc
TUBITAK National Research Institute of Electronics and Cryptology (UEKAE) Department of Information Systems Security makes social engineering attacks to Turkish public agencies within the frame of “Information Security Tests” [19]. This paper will make an analysis of the social engineering tests that have been carried out in several Turkish public agencies. The tests include phone calling to sample employees by the social engineer and trying to seize employees’ sensitive information by exploiting their good faith. The aim of this research is to figure that the employees in Turkish public agencies have a lack of information security awareness and they compromise the information security principles which should be necessarily applied for any public agencies. Social engineering, both with its low cost and ability to take advantage of low technology, has taken its place in the information security literature as a very effective form of attack [8].
Automatic Detection of Social Engineering Attacks Using Dialogiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...CSCJournals
Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. While there are a number of research articles that study the tactics, techniques and procedures employed by phishers in the literature, in this paper, we present a theoretical yet practical model to study this menacing threat in a formal manner. While it is common folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model attempts to capture a phishing attack in terms of this indistinguishability between the natural and phishing message probability distributions. We view the actions performed by a phisher as an attempt to create messages that are indistinguishable to the victim from that of “normal” messages. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical framework and offers a new perspective to analyze this threat. We propose metrics to analyze the success probability of a phishing attack taking into account the input used by a phisher and the work involved in creating deceptive email messages. Finally, we study and apply our model to a new class of phishing attacks called collaborative spear phishing that is gaining momentum. Recent examples include Operation Woolen-Goldfish in 2015, Rocket Kitten in 2014 and Epsilon email breach in 2011. We point out fundamental flaws in the current email-based marketing business model which enables such targeted spear phishing collaborative attacks. In this sense, our study is very timely and presents new and emerging trends in phishing.
USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING ijmvsc
TUBITAK National Research Institute of Electronics and Cryptology (UEKAE) Department of Information Systems Security makes social engineering attacks to Turkish public agencies within the frame of “Information Security Tests” [19]. This paper will make an analysis of the social engineering tests that have been carried out in several Turkish public agencies. The tests include phone calling to sample employees by the social engineer and trying to seize employees’ sensitive information by exploiting their good faith. The aim of this research is to figure that the employees in Turkish public agencies have a lack of information security awareness and they compromise the information security principles which should be necessarily applied for any public agencies. Social engineering, both with its low cost and ability to take advantage of low technology, has taken its place in the information security literature as a very effective form of attack [8].
Internet and computers have changed working, communication, meeting and business requirements and conditions all over globe. Due to this high profile technology, everyone can share any activity that was unexpected and unimaginable few decades back. It was the imagination of people that they will live their lives in this manner and do their business quickly and imagination and dream has come true with the introduction of internet only. Modern society is now associated with internet and related technologies, over a quarter of the world's population is wired into the net and this number is growing every day
This slide gives a brief description of social engineering, its classcification, attack environment and various impersonation scenario which will give the audinece a sound knowledge on social engineering technique.
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...IJNSA Journal
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risk.
Social engineering is a non-specialized system cyber attackers utilize that depends intensely on human communication and regularly includes fooling individuals into breaking standard security rehearses. The accomplishment of social engineering systems relies upon attackers' capacity to control unfortunate casualties into playing out specific activities or giving confidential information. Today, social engineering is perceived as one of the best security dangers confronting associations. Social engineering contrasts from customary hacking as in social engineering assaults can be non-specialized and don't really include the trade-off or misuse of programming or frameworks. Whenever fruitful, numerous social engineering assaults empower attackers to increase real, approved access to confidential information.
Delves into the untapped potential of reverse psychology in overturning social engineering tactics. It highlights the effectiveness of using reverse psychology as a proactive defense mechanism to thwart attempts at manipulation and deception. Click this link.
Internet and computers have changed working, communication, meeting and business requirements and conditions all over globe. Due to this high profile technology, everyone can share any activity that was unexpected and unimaginable few decades back. It was the imagination of people that they will live their lives in this manner and do their business quickly and imagination and dream has come true with the introduction of internet only. Modern society is now associated with internet and related technologies, over a quarter of the world's population is wired into the net and this number is growing every day
This slide gives a brief description of social engineering, its classcification, attack environment and various impersonation scenario which will give the audinece a sound knowledge on social engineering technique.
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...IJNSA Journal
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risk.
Social engineering is a non-specialized system cyber attackers utilize that depends intensely on human communication and regularly includes fooling individuals into breaking standard security rehearses. The accomplishment of social engineering systems relies upon attackers' capacity to control unfortunate casualties into playing out specific activities or giving confidential information. Today, social engineering is perceived as one of the best security dangers confronting associations. Social engineering contrasts from customary hacking as in social engineering assaults can be non-specialized and don't really include the trade-off or misuse of programming or frameworks. Whenever fruitful, numerous social engineering assaults empower attackers to increase real, approved access to confidential information.
Delves into the untapped potential of reverse psychology in overturning social engineering tactics. It highlights the effectiveness of using reverse psychology as a proactive defense mechanism to thwart attempts at manipulation and deception. Click this link.
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...CSCJournals
Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. While there are a number of research articles that study the tactics, techniques and procedures employed by phishers in the literature, in this paper, we present a theoretical yet practical model to study this menacing threat in a formal manner. While it is common folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model attempts to capture a phishing attack in terms of this indistinguishability between the natural and phishing message probability distributions. We view the actions performed by a phisher as an attempt to create messages that are indistinguishable to the victim from that of “normal” messages. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical framework and offers a new perspective to analyze this threat. We propose metrics to analyze the success probability of a phishing attack taking into account the input used by a phisher and the work involved in creating deceptive email messages. Finally, we study and apply our model to a new class of phishing attacks called collaborative spear phishing that is gaining momentum. Recent examples include Operation Woolen-Goldfish in 2015, Rocket Kitten in 2014 and Epsilon email breach in 2011. We point out fundamental flaws in the current email-based marketing business model which enables such targeted spear phishing collaborative attacks. In this sense, our study is very timely and presents new and emerging trends in phishing.
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
Artificial Intelligence (AI) and Machine Learning (ML) technologies have many positive applications, from helping researchers better understand neural pathways in the brain to assisting law enforcement with identifying suspects in criminal investigations.
They are renowned for the greater good of cybersecurity. However, these technologies also hold the potential to ruin our perfectly running digital world and become a source of power to the dark web users/administrators.
If you’re not familiar with how AI and ML might impact cybersecurity, this blog will discuss both sides of the coin and help you better understand how this technology might affect you one day soon.
Under the right hands, they are a boon to humanity, but they can quickly turn into a bane on the corrupt hands.
As for now, upgrade your security with these technologies to stay in the competition. Connect with a Machine Learning company in India to maximize your cybersecurity.
https://bit.ly/3rrYI3J
#cybersecurity #aiincybersecurity #mlincybersecurity #machinelearningincybersecurity #artificialintelligenceincybersecurity #hireaidevelopers #machinelearningcompaniesinindia #machinelearningdevelopmentcompany #machinelearningdevelopmentservices #topmachinelearningcompanies
Insiders Guide to Social Engineering - End-Users are the Weakest LinkRichard Common
This book is your guide to helping you detect and prevent social engineering attacks, and to better understand how to defend your company from what has grown to become the dominant global cyber threat.
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...CSCJournals
Social engineering is a major threat to organizations as more and more companies digitize operations and increase connectivity through the internet. After defining social engineering and the problems it presents, this study offers a critical review of existing protection measures, tools, and policies for organizations to combat cyber security social engineering. Through a systematic review of recent studies published on the subject, our analysis identifies the need to provide training for employees to ensure they understand the risks of social engineering and how best to avoid becoming a victim. Protection measures include awareness programs, training of non-technical staff members, new security networks, software usage, and security protocols to address social engineering threats.
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...IOSR Journals
Technical solutions, introduced by policies and implantations are essential requirements of an
information security program. Advanced technologies such as intrusion detection and prevention system (IDPS)
and analysis tools have become prominent in the network environment while they involve with organizations to
enhance the security of their information assets. Scanning and analyzing tools to pinpoint vulnerabilities, holes
in security components, unsecured aspects of the network and deploying of IDPS technology are highlighted.
Similar to Case Study On Social Engineering Techniques for Persuasion Full Text (20)
ON THE PROBABILITY OF K-CONNECTIVITY IN WIRELESS AD HOC NETWORKS UNDER DIFFER...graphhoc
We compare the probability of k-Connectivity of an ad hoc network under Random Way Point (RWP),City Section and Manhattan mobility models. A Network is said to be k Connected if there exists at least k edge disjoint paths between any pair of nodes in that network at any given time and velocity. Initially, for each of the three mobility models, the movement of the each node in the ad hoc network at a given velocity and time are captured and stored in the Node Movement Database (NMDB). Using the movements in the NMDB, the location of the node at a given time is computed and stored in the Node
Location Database (NLDB).
The Impact of Data Replication on Job Scheduling Performance in Hierarchical ...graphhoc
In data-intensive applications data transfer is a primary cause of job execution delay. Data access time depends on bandwidth. The major bottleneck to supporting fast data access in Grids is the high latencies of Wide Area Networks and Internet. Effective scheduling can reduce the amount of data transferred across the internet by dispatching a job to where the needed data are present. Another solution is to use a data replication mechanism. Objective of dynamic replica strategies is reducing file access time which leads to reducing job runtime. In this paper we develop a job scheduling policy and a dynamic data replication strategy, called HRS (Hierarchical Replication Strategy), to improve the data access efficiencies. We study our approach and evaluate it through simulation. The results show that our algorithm has improved 12% over the current strategies
DISTANCE TWO LABELING FOR MULTI-STOREY GRAPHSgraphhoc
An L (2, 1)-labeling of a graph G (also called distance two labeling) is a function f from the vertex set V (G) to the non negative integers {0,1,…, k }such that |f(x)-f(y)| ≥2 if d(x, y) =1 and | f(x)- f(y)| ≥1 if d(x, y) =2. The L (2, 1)-labeling number λ (G) or span of G is the smallest k such that there is a f with
max {f (v) : vє V(G)}= k. In this paper we introduce a new type of graph called multi-storey graph. The distance two labeling of multi-storey of path, cycle, Star graph, Grid, Planar graph with maximal edges and its span value is determined. Further maximum upper bound span value for Multi-storey of simple
graph are discussed.
Impact of Mobility for Qos Based Secure Manet graphhoc
Secure multicast communication in Mobile Adhoc Networks (MANETs) is challenging due to its inherent characteristics of infrastructure-less architecture with lack of central authority, limited resources such as bandwidth, energy and power. Several group oriented applications over MANETs create new challenges to routing protocols in terms of QOS requirements. In many multicast interactions, due to its frequent node mobility, new member can join and current members can leave at a time. It is necessary to choose a routing protocol which establishes true connectivity between the mobile nodes. The pattern of movement of members is classified into different mobility models and each one has its own distinct features. It is a crucial part in the performance of MANET. Hence key management is the fundamental challenge in achieving secure communication using multicast key distribution for mobile adhoc networks. This paper describes the impact of mobility models for the performance of a new cluster-based multicast tree algorithm with destination sequenced distance vector routing protocol in terms of QOS requirements such as end to end delay, energy consumption and key delivery ratio. For simulation purposes, three mobility models are considered. Simulation results illustrate the performance of routing protocol with different mobility models and different mobility speed under varying network conditions.
A Transmission Range Based Clustering Algorithm for Topology Control Manetgraphhoc
This paper presents a novel algorithm for clustering of nodes by transmission range based clustering (TRBC).This algorithm does topology management by the usage of coverage area of each node and power management based on mean transmission power within the context of wireless ad-hoc networks. By reducing the transmission range of the nodes, energy consumed by each node is decreased and topology is formed. A new algorithm is formulated that helps in reducing the system power consumption and prolonging the battery life of mobile nodes. Formation of cluster and selection of optimal cluster head and thus forming the optimal cluster taking weighted metrics like battery life, distance, position and mobility is done based on the factors such as node density, coverage area, contention index, required and current node degree of the nodes in the clusters
A Battery Power Scheduling Policy with Hardware Support In Mobile Devices graphhoc
A major issue in the ad hoc networks with energy constraints is to find ways that increase their lifetime. The use of multihop radio relaying requires a sufficient number of relaying nodes to maintainnetwork connectivity. Hence, battery power is a precious resource that must be used efficiently in order to avoid early termination of any node. In this paper, a new battery power scheduling policy based on dynamic programming is proposed for mobile devices.This policy makes use of the state information of each cell provided by the smart battery package and uses the strategy of dynamic programming to optimally satisfy a request for power. Using extensive simulation it is proved that dynamic programming based schedulingpolicyimproves the lifetime of the mobile nodes.Also a hardware support is proposed to succeeds in distinguishing between real-time and non-real-time traffic and provides the appropriate grade of service, to meet the time constraints associated with real time traffic.
A Review of the Energy Efficient and Secure Multicast Routing Protocols for ...graphhoc
This paper presents a thorough survey of recent work addressing energy efficient multicast routing protocols and secure multicast routing protocols in Mobile Ad hoc Networks (MANETs). There are so many issues and solutions which witness the need of energy management and security in ad hoc wireless networks. The objective of a multicast routing protocol for MANETs is to support the propagation of data from a sender to all the receivers of a multicast group while trying to use the available bandwidth efficiently in the presence of frequent topology changes. Multicasting can improve the efficiency of the wireless link when sending multiple copies of messages by exploiting the inherent broadcast property of wireless transmission. Secure multicast routing plays a significant role in MANETs. However, offering energy efficient and secure multicast routing is a difficult and challenging task. In recent years, various multicast routing protocols have been proposed for MANETs. These protocols have distinguishing features and use different mechanisms.
Breaking the Legend: Maxmin Fairness notion is no longer effective graphhoc
In this paper we analytically propose an alternative approach to achieve better fairness in scheduling mechanisms which could provide better quality of service particularly for real time application. Our proposal oppose the allocation of the bandwidth which adopted by all previous scheduling mechanism. It rather adopt the opposition approach be proposing the notion of Maxmin-charge which fairly distribute the congestion. Furthermore, analytical proposition of novel mechanism named as Just Queueing is been demonstrated
I-Min: An Intelligent Fermat Point Based Energy Efficient Geographic Packet F...graphhoc
Energy consumption and delay incurred in packet delivery are the two important metrics for measuring the performance of geographic routing protocols for Wireless Adhoc and Sensor Networks (WASN). A protocol capable of ensuring both lesser energy consumption and experiencing lesser delay in packet delivery is thus suitable for networks which are delay sensitive and energy hungry at the same time. Thus a smart packet forwarding technique addressing both the issues is thus the one looked for by any geographic routing protocol. In the present paper we have proposed a Fermat point based forwarding technique which reduces the delay experienced during packet delivery as well as the energy consumed for transmission and reception of data packets.
Fault tolerant wireless sensor mac protocol for efficient collision avoidancegraphhoc
In sensor networks communication by broadcast methods involves many hazards, especially collision. Several MAC layer protocols have been proposed to resolve the problem of collision namely ARBP, where the best achieved success rate is 90%. We hereby propose a MAC protocol which achieves a greater success rate (Success rate is defined as the percentage of delivered packets at the source reaching the destination successfully) by reducing the number of collisions, but by trading off the average propagation delay of transmission. Our proposed protocols are also shown to be more energy efficient in terms of energy dissipation per message delivery, compared to the currently existing protocol.
Enhancing qo s and qoe in ims enabled next generation networksgraphhoc
Managing network complexity, accommodating greater numbers of subscribers, improving coverage to support data services (e.g. email, video, and music downloads), keeping up to speed with fast-changing technology, and driving maximum value from existing networks – all while reducing CapEX and OpEX and ensuring Quality of Service (QoS) for the network and Quality of Experience (QoE) for the user. These are just some of the pressing business issues faced by mobileservice providers, summarized by the demand to “achieve more, for less.” The ultimate goal of optimization techniques at the network and application layer is to ensure End-user perceived QoS. The next generation networks (NGN), a composite environment of proven telecommunications and Internet-oriented mechanisms have become generally recognized as the telecommunications environment of the future. However, the nature of the NGN environment presents several complex issues regarding quality assurance that have not existed in the legacy environments (e.g., multi-network, multi-vendor, and multi-operator IP-based telecommunications environment, distributed intelligence, third-party provisioning, fixed-wireless and mobile access, etc.). In this Research Paper, a service aware policy-based approach to NGN quality assurance is presented, taking into account both perceptual quality of experience and technologydependant quality of service issues. The respective procedures, entities, mechanisms, and profiles are discussed. The purpose of the presented approach is in research, development, and discussion of pursuing the end-to-end controllability of the quality of the multimedia NGN-based communications in an environment that is best effort in its nature and promotes end user’s access agnosticism, service agility, and global mobility
Simulated annealing for location area planning in cellular networksgraphhoc
LA planning in cellular network is useful for minimizing location management cost in GSM network. In fact, size of LA can be optimized to create a balance between the LA update rate and expected paging rate within LA. To get optimal result for LA planning in cellular network simulated annealing algorithm is used. Simulated annealing give optimal results in acceptable run-time
Secure key exchange and encryption mechanism for group communication in wirel...graphhoc
Secured communication in ad hoc wireless networks is primarily important, because the communication signals are openly available as they propagate through air and are more susceptible to attacks ranging from passive eavesdropping to active interfering. The lack of any central coordination and shared wireless medium makes them more vulnerable to attacks than wired networks. Nodes act both as hosts and routers and are interconnected by Multi- hop communication path for forwarding and receiving packets to/from other nodes. The objective of this paper is to propose a key exchange and encryption mechanism that aims to use the MAC address as an additional parameter as the message specific key[to encrypt]and forward data among the nodes. The nodes are organized in spanning tree fashion, as they avoid forming cycles and exchange of key occurs only with authenticated neighbors in ad hoc networks, where nodes join or leave the network dynamically.
Simulation to track 3 d location in gsm through ns2 and real lifegraphhoc
In recent times the cost of mobile communication has dropped significantly leading to a dramatic increase in mobile phone usage. The widespread usage has led mobiles to emerge as a strong alternative for other applications one of which is tracking. This has enabled law-enforcing agencies to detect overspeeding vehicles and organizations to keep track its employees. The 3 major ways of tracking being employed presently are (a) via GPS [1] (b) signal attenuation property of a packet [3] and (c) using GSM Network [2]. The initial cost of GPS is very high resulting in low usage whereas (b) needs a very high precision measuring device. The paper presents a GSM-based tracking technique which eliminates the above mentioned overheads, implements it in NS2 and shows the limitations of the real life simulation. An accuracy of 97% was achieved during NS2 simulation which is comparable to the above mentioned alternate methods of tracking.
Performance Analysis of Ultra Wideband Receivers for High Data Rate Wireless ...graphhoc
For high data rate ultra wideband communication system, performance comparison of Rake, MMSE and Rake-MMSE receivers is attempted in this paper. Further a detail study on Rake-MMSE time domain equalizers is carried out taking into account all the important parameters such as the effect of the number of Rake fingers and equalizer taps on the error rate performance. This receiver combats inter-symbol interference by taking advantages of both the Rake and equalizer structure. The bit error rate performances are investigated using MATLAB simulation on IEEE 802.15.3a defined UWB channel models. Simulation results show that the bit error rate probability of Rake-MMSE receiver is much better than Rake receiver and MMSE equalizer. Study on non-line of sight indoor channel models illustrates that bit error rate performance of Rake-MMSE (both LE and DFE) improves for CM3 model with smaller spread compared to CM4 channel model. It is indicated that for a MMSE equalizer operating at low to medium SNR values, the number of Rake fingers is the dominant factor to improve system performance, while at high SNR values the number of equalizer taps plays a more significant role in reducing the error rate.
Coverage and Connectivity Aware Neural Network Based Energy Efficient Routing...graphhoc
There are many challenges when designing and deploying wireless sensor networks (WSNs). One of the key challenges is how to make full use of the limited energy to prolong the lifetime of the network, because energy is a valuable resource in WSNs. The status of energy consumption should be continuously monitored after network deployment. In this paper, we propose coverage and connectivity aware neural network based energy efficient routing in WSN with the objective of maximizing the network lifetime. In the proposed scheme, the problem is formulated as linear programming (LP) with coverage and connectivity aware constraints. Cluster head selection is proposed using adaptive learning in neural networks followed by coverage and connectivity aware routing with data transmission. The proposed scheme is compared with existing schemes with respect to the parameters such as number of alive nodes, packet delivery fraction, and node residual energy. The simulation results show that the proposed scheme can be used in wide area of applications in WSNs.
An Overview of Mobile Ad Hoc Networks for the Existing Protocols and Applicat...graphhoc
Mobile Ad Hoc Network (MANET) is a collection of two or more devices or nodes or terminals with
wireless communications and networking capability that communicate with each other without the aid of
any centralized administrator also the wireless nodes that can dynamically form a network to exchange
information without using any existing fixed network infrastructure. And it’s an autonomous system in
which mobile hosts connected by wireless links are free to be dynamically and some time act as routers at
the same time, and we discuss in this paper the distinct characteristics of traditional wired networks,
including network configuration may change at any time , there is no direction or limit the movement and
so on, and thus needed a new optional path Agreement (Routing Protocol) to identify nodes for these
actions communicate with each other path, An ideal choice way the agreement should not only be able to
find the right path, and the Ad Hoc Network must be able to adapt to changing network of this type at any
time. and we talk in details in this paper all the information of Mobile Ad Hoc Network which include the
History of ad hoc, wireless ad hoc, wireless mobile approaches and types of mobile ad Hoc networks, and
then we present more than 13 types of the routing Ad Hoc Networks protocols have been proposed. In this
paper, the more representative of routing protocols, analysis of individual characteristics and advantages
and disadvantages to collate and compare, and present the all applications or the Possible Service of Ad
Hoc Networks
An Algorithm for Odd Graceful Labeling of the Union of Paths and Cycles graphhoc
In 1991, Gnanajothi [4] proved that the path graph n
P with n vertex and n −1edge is odd graceful, and
the cycle graph Cm with m vertex and m edges is odd graceful if and only if m even, she proved the
cycle graph is not graceful if m odd. In this paper, firstly, we studied the graphCm∪Pn when m = 4, 6,8,10
and then we proved that the graphCm∪Pn
is odd graceful if m is even. Finally, we described an
algorithm to label the vertices and the edges of the vertex set ( ) m n
V C ∪P and the edge set ( ) m n
E C ∪P .
ACTOR GARBAGE COLLECTION IN DISTRIBUTED SYSTEMS USING GRAPH TRANSFORMATIONgraphhoc
A lot of research work has been done in the area of Garbage collection for both uniprocessor and
distributed systems. Actors are associated with activity (thread) and hence usual garbage collection
algorithms cannot be applied for them. Hence a separate algorithm should be used to collect them. If we
transform the active reference graph into a graph which captures all the features of actors and looks like
passive reference graph then any passive reference graph algorithm can be applied for it. But the cost of
transformation and optimization are the core issues. An attempt has been made to walk through these
issues.
A Proposal Analytical Model and Simulation of the Attacks in Routing Protocol...graphhoc
In this work we have devoted to some proposed analytical methods to simulate these attacks, and node mobility in MANET. The model used to simulate the malicious nodes mobility attacks is based on graphical theory, which is a tool for analyzing the behavior of nodes. The model used to simulate the Blackhole cooperative, Blackmail, Bandwidth Saturation and Overflow attacks is based on malicious nodes and the number of hops. We conducted a simulation of the attacks with a C implementation of the proposed mathematical models.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Case Study On Social Engineering Techniques for Persuasion Full Text
1. International journal on applications of graph theory in wireless ad hoc networks and sensor networks
(GRAPH-HOC) Vol.2, No.2, June 2010
10.5121/jgraphoc.2010.2202 17
CASE STUDY ON SOCIAL ENGINEERING
TECHNIQUES FOR PERSUASION
Mosin Hasan1
, Nilesh Prajapati2
and Safvan Vohara3
1
Computer Department, BVM Engineering College, V V Nagar
mosin83@yahoo.co.in
2IT
Department, BVM Engineering College, V V Nagar
nbp_it53@yahoo.com
3
Computer Department, BVM Engineering College, V V Nagar
safvan465@gmail.com
ABSTRACT
T There are plenty of security software in market; each claiming the best, still we daily face problem of
viruses and other malicious activities. If we know the basic working principal of such malware then we
can very easily prevent most of them even without security software. Hackers and crackers are experts in
psychology to manipulate people into giving them access or the information necessary to get access. This
paper discusses the inner working of such attacks. Case study of Spyware is provided. In this case study,
we got 100% success using social engineering techniques for deception on Linux operating system, which
is considered as the most secure operating system. Few basic principal of defend, for the individual as
well as for the organization, are discussed here, which will prevent most of such attack if followed.
KEYWORDS
Spyware, Malware, Social Engineering, Psychology.
1. INTRODUCTION
We are living in the Internet world, and we heard daily regarding virus and hackers. We all
install antivirus and anti-Spyware software but still the virus infects our system. Today our
every business is linked with IT systems. All major banks provides embanking, we purchase
ticket and do shopping online. In our country still the IT penetration in our day-to-day life is not
that much compared to other like USA, Europe countries. Our businesses are linked with IT and
hence with computers. Computers get hacked by hackers or infected by the Virus, Worms and
that affect businesses to great extend.
1.1. Impact of Malware Activity
Intensions behind Hacking and Malware are different, their threats also vary. Hacking threat can
be for financial gain or personal revenge. Spyware threat can be social or personal. Virus threat
can be economical. Bitnet and Trojan ware threat leads to social and national security. There
are various types of threats
1. Personal Threat / Organizational Threat
2. National Security Threat
3. Economical Threat
Most Parasites writer or phishers have their main purpose as Money and hence most of the time
it is related to banking. Brand attacked in November 2009 were banking, ecommerce, IT
services and other.
2. International journal on applications of graph theory in wireless ad hoc networks and sensor networks
(GRAPH-HOC) Vol.2, No.2, June 2010
18
[State of Phishing: Monthly Report: December 2009 by Symantec]
There were 29 countries whose brands were attacked. During November 2009, In China, the e-
commerce sector remains a primary target. Due the 2010 FIFA World cup, Phishers are
launching attacks masquerading World cup related sites. From the above report you can see that
most of the time phishers are attacking banking system.
1.2 Anti Virus and Anti Spyware Systems
As we think, hacker and Malware activity as technical problem, we always search for the better
anti-Spyware or anti-virus software. Our anti-virus or anti-Spyware monitors running
application but they do not check for the people problem. Usually people do not know the basic
working of how malware penetrate into the system? What cause they can do? How to prevent
them?
2 PSYCHOLOGY
According to the study of psychology, human being has nature to be helpful when people are in
real need, the tendency to trust people, the fear of getting into trouble and tries to escape from it,
get something free or without doing much of work. Hacker and crackers tries to attack this
technique hence people need to be trained to defend against it.
2.1. Introduction to Social Engineering
It is a process of deceiving people into giving away access or confidential information, is a
formidable threat to most secured networks. It is an art of persuasion. Social Engineering
techniques and philosophies behind it is very old [11]. The story of the Trojan horse, made
famous by the Greek epic poet Homer in The Odyssey. It was one of the most ingenious social
engineering tricks in the history of humankind. Edwards named it after the social engineering
technique used by the Greeks [11]. This attack is the most powerful attack as no hardware or
software can prevent it or even can not defend it. This attack deals with Psychology and hence
people need to be trained to defend against it. Followings are the few definition of Social
Engineering by some authors.
1. "…the art and science of getting people to comply with your wishes."[2]
2. “Social Engineering - A euphemism for non-technical or low-technology means - such as
lies, impersonation, tricks, bribes, blackmail, and threat - used to attack information systems.”
[2]
Each Social Engineering attacks are different and unique but they do have some common
pattern. That pattern has four phases (Information Gathering, Relationship Development,
3. International journal on applications of graph theory in wireless ad hoc networks and sensor networks
(GRAPH-HOC) Vol.2, No.2, June 2010
19
Exploitation and Execution). Social Engineering attack and/or may even incorporate the use of
other more traditional attack techniques to achieve the desired end result. We see that social
engineering not only is a serious threat but also the inherent human weakness for misperception
of human mind to guess the true motive of the persuader.
In the Information gathering phase, Target victim or victims are identified. Once the target is
identified, Next step is to identify various luring section which will excite the victim. Example
way old “I Love You” virus was working on this principal, as every one of us wants to know
who love me. Once information is gathered regarding victim and his interest area. Next step is
we try to find or establish the relationship with victim. Here in “I Love You” virus, if virus is
coming for some friend then you get more excited. After that attack is planned with already
built software or new Spyware will be created. Now everything is set. The last step of the attack
is execution
2.2. Types Social Engineering skills
Following are the few Skills to exploits user to get access to your system.
1. Impersonating staff: This is an art of inventing scenario to persuade a target to release
information or perform an action and is usually done through email or telephone. Most powerful
and danger trick for gaining physical access to the system is to pretend to be someone from
inside the company. Users gave their password to a "stranger” on a phone call to a member of
the IT staff. This is especially true if the caller implies that their account may be disabled and
that they might not be able to get important e-mail or access needed network shares if they don't
cooperate [3]
. It is the most time consuming attack as it requires research to get information
regarding target to establish the legitimacy in the mind of target.
2. Playing on users' sympathy the social engineer may pretend to be a worker from outside,
perhaps from the phone company or the company's Internet service provider [2]. Nature of
people is to help a person who's in trouble.
3. Intimidation tactics social engineers may need to turn to stronger stuff: intimidation. In this
case, the social engineer pretends to be someone important -- a big boss from headquarters, a
top client of the company, an inspector from the government, or someone else who can strike
fear into the heart of regular employees. He or she comes storming in, or calls the victim up,
already yelling and angry. [2]
They may threaten to fire the employee they don't get the
information they want.
4. Hoaxing: A hoax is an attempt to trick the people into believing something false is real. It
also may lead to sudden decisions being taken due to fear of an untoward incident.
5. Creating confusion: Another ploy involves first creating a problem and then taking advantage
of it. It can be as simple as setting off a fire alarm so that everyone will vacate the area quickly,
without locking down their computers. Social engineers can then use a logged-on session to do
their dirty work. [2]
6. Dumpster diving: Someone from the company throwing away junk mail or routine mail /
letter of the company without ripping the document. If the mail contained personal information,
or credit card offers that dumpster diver could use to carry out identity theft. Dumpster diver
also searches for information like company organization chart, who reports to whom, especially
management level employee who can be impersonated to hack important detail. Dumpster
diving information can be used in impersonation attack.
7. Reverse social Engineering: An even sneakier method of social engineering occurs when a
social engineer gets others to ask him or her questions instead of questioning them. These social
engineers usually have to do a lot of planning to pull it off, placing themselves in a position of
seeming authority or expertise.
8. Mail: The use of an interesting subject line triggers an emotion that leads to accidental
participation from the target. There are two common forms. The first involves malicious code;
this code is usually hidden within a file attached to an email. The intention is that an
4. International journal on applications of graph theory in wireless ad hoc networks and sensor networks
(GRAPH-HOC) Vol.2, No.2, June 2010
20
unsuspecting user will click/open the file; for example, 'I Love You' virus, 'Anna Kournikova'
worm.
9. A phishing technique that has received substantial publicity of late is “vishing,” or voice
phishing. Vishing can work in two different ways. In one version of the scam, the consumer
receives an e-mail designed in the same way as a phishing e-mail, usually indicating that there is
a problem with the account. Instead of providing a fraudulent link to click on, the e-mail
provides a customer service number that the client must call and is then prompted to “log in”
using account numbers and passwords. The other version of the scam is to call consumers
directly and tell them that they must call the fraudulent customer service number immediately in
order to protect their account. Vishing criminals may also even establish a false sense of
security in the consumer by “confirming” personal information that they have on file, such as a
full name, address or credit card number [4]
. Vishing actually emulates a typical bank protocol in
which banks encourage clients to call and authenticate information [5]
.
3 CASE STUDY
As Social Engineering is the most powerful attack, we tried to check how effective the social
engineering on the Linux. Linux is considered as most secure operating system but as we have
discussed even the most secure system can be break by targeting weak link (people). Following
case study shows the impact of social engineering if plugged with Spyware.
3.1. Implementation of Case Study
We have created a Spyware for the Linux which logs the information typed by the user in Linux
environment. We have not put the Spyware on the wild means in real environment but to get
statistics related to Spyware with social engineering tactics, we tried to achieve it three ways
and all these techniques are based on social engineering [6].
Case-1: Enthusiasm of fun: As for this attack, first we gather information like we used the
person whom we know. We gathered the information like he uses the Operating system as
Linux; He is fond of Linux shell script programming. Second stage is relation ship development
which is already established as we choose person who trust us. We sent it to friend who uses
Linux as desktop operating system in mail. Subject line of the mail was “Shell Script for Fun”.
As frequently you got mail from your friend having attachment, you open it as it pretend to be
from friend and safe. You get trapped because even you can send mail with any fake name using
open mail relay SMTP servers. This is psychological strategy and it is customized attack, as we
have chosen the individual. Some parasite writers use customize approach for some specific
victim while some uses general approach to trap unknown victims and if that technique get
successful then many people will get trap in it.
Case-2: Eagerness to know great thing: Second case we gone for same principal first
information gathering, relation establishment and then deception. We choose persons who are
fond of hacking and cracking activity. Case-2 targets such user who loves hacking and cracking.
Even on internet, if you search for free tools for hacking and cracking, you will get it for free.
But many of such software itself hack your system. On internet: I have put link of this shell
script with Name “Tool to hack in Windows” to friend. And they clicked on it, downloaded it
and ran it.
Case-3: Hoaxing: As people think, Linux is secure than windows but don’t know by what
percentage and they want information on this aspect. So fake Linux report containing the Shell
Script as the case. As a news to friend – Linux security report. As people normally follows the
link as it is report on Linux. As all this techniques uses social engineering, human get trapped.
Our spyware requires the root privileged.
5. International journal on applications of graph theory in wireless ad hoc networks and sensor networks
(GRAPH-HOC) Vol.2, No.2, June 2010
21
Following table shows the result of above techniques. [6]
Case Study Result
Case Number of target Success
1 5 80
One instance didn’t work, as run at office in Underprivileged user mode and hence didn’t work.
2 3 100
Worked 100 percent as every one has executed it in root mode.
3 2 50
One of the target users has not followed the Link provided in mail
This Spyware doesn’t exploit any of the Linux vulnerability but uses social engineering to
attack people and result shows that it may get worst if deliver in the wild with few more
techniques [6]
. This Spyware gets more effective because Linux, itself provide very powerful
tool.
3.2. Other Example of Social Engineering Attacks
Social Engineering is used by hackers and crackers to hack the target machine or to spread virus
and Malware application. To introduce the Social Engineering, we have to give some real
example, which can be understood easily by the non-technical person.
Following are the few attacks for spreading Spyware
1. Piggybacked software installation: User is lured to install the software for free and with that
software automatically some Spyware get installed which will monitor and even tamper your
data. That software might be claiming of game or media player or any useful software [1]
.
2. Mail: you get mail from your friend or from unknown mail id with some interesting or alert
subject line like “Hey check your machine” or “You might be infected” you open it and you get
infected [1]
.
3. Fake anti Spyware: There are various utilities claiming anti-Spyware but actually they are
Spyware or some application enticed with hacking tool but actually hacking your system. The
weakest security link, which concerns playing with human psychology to get the confidential
details out of him by appearing to be ’genuine and concerned’
4. Spam mail claiming “You won the lottery” or claiming to be selling some genuine medicine
for good result. This all are the social engineering to lure the target to provide some information
which can be used to gain financial or social or personal gain.
4 PREVENTION
User education is the first and most powerful defense against social engineering, backed up by
strong, clear (written) policies that define when and to whom (if ever) users are permitted to
give their passwords, open up the server room, etc. Strict procedures should be laid down. By
implementing authentication system (smart cards/tokens or, even better, biometrics), you can
thwart a high percentage of social engineering attempts. Even if the social engineer manages to
learn the password, it will be useless without the second authentication factor. A successful
defense against the social engineering depends on having good policies in place ensuring that all
employees follow them Social engineering attacks are most powerful attacks as the defense
against it is not the software system but the people which in themselves quite unpredictable.
Still using few counter measures we can prevent some of the attacks.
Following are the prevention techniques for personal defense.
1. We have to be suspicious of any e-mail with urgent requests for personal financial
information or threats of termination of online accounts.
6. International journal on applications of graph theory in wireless ad hoc networks and sensor networks
(GRAPH-HOC) Vol.2, No.2, June 2010
22
2. Unless the e-mail is digitally signed, you can't be sure it wasn't forged or “spoofed.” because
any one can mail it by any name hence when it is stating some important better to check for the
full headers.
3. Phishers typically ask for information such as usernames, passwords, credit card numbers,
social security numbers, etc. and such information normally won’t be asked by the genuine
organization online.
4. Phisher e-mails are typically not personalized, while valid messages from your bank or e-
commerce company generally are. “Phisher e-mails start some thing like “Dear customer” but
there are some attacks which are customized or more advance which uses your personal
information and if the attack is specifically for you then it will be customize like our case study.
5. When contacting your financial institution, use only channels that you know from
independent sources. (e.g., information on your bank card, hard-copy correspondence, or
monthly account statement), and don’t rely on links contained in e-mails, even if the sites looks
genuine.
6. Always ensure that you're using a secure website when submitting credit card or other
sensitive information via your Web browser. Check in the address bar URL must start with
https:// instead of http://
7. Regularly log into your online accounts and change password frequently.
8. Regularly check your bank, credit and debit card statements to ensure that all transactions are
legitimate.
9. Don't assume that you can correctly identify a website as legitimate just by looking at its
general appearance.
10. Avoid filling out forms in e-mail messages or pop-up windows that ask for personal
financial information because it might be used by spammers as well as phisher for future attack.
Following are the few counter measures for the organizational institute.
1. Well defined and documented security policy: In this process company set the standards and
guidelines form the foundation of a good security [7]
.
2. Acceptable usage Policy: for acceptable business usage of email, computer system, telephone
and network as well as other hardware like pen-drive.
3. Personnel security: A screening of prospective employees, contractor to ensure that they do
not pose a security threat to the organization [3]
.
4. Information Access Control: Password usage and guidelines for generating password, access
authorization and accounting procedure, installation procedure. Automated password reset and
synchronization tools can lift the responsibility of managing password from tech support and
help desk without placing an undo burden on end user [3]
.
5. Protection from Malware like Spyware, virus, adware, Trojan etc using software systems.
Like firewalls, antispyware and anti-virus software with regular updating of patches. These will
ensure filtering of major security breach incidents [3]
.
6. Awareness and Education: Giving education to the user about the common techniques
employed and used by the social engineer is an important part of security system. For example,
a knowledgeable user can be advised that he/she should never give out any information without
the appropriate authorization and that he/she should report any suspicious behavior[9][10]
.
A good training and awareness program focusing on the type of behavior required will
undoubtedly pay for itself. By providing real incident example, social engineering can be
implemented effectively in the system.
7. Audits and compliance: Policy gets effective only when it gets implemented and everyone
conforms to the policy. Hence auditing the usage and make sure everyone compliance to the
rules [9] [10]
.
8. Security Incident Management: When a social engineering attacks occurs make sure service
desk staff knows how to manage such attack. As each attack is different, system will get new
data and hence its need to be manages for future use. Hence reporting and storage of such
incident should be done properly [10]
.
7. International journal on applications of graph theory in wireless ad hoc networks and sensor networks
(GRAPH-HOC) Vol.2, No.2, June 2010
23
Followings are the few points of email usage policy given by SANS institute.
1. Email system shall not to be used for the creation or distribution of any disruptive or
offensive messages or even forwarded message. Employees who receive any emails with this
content from any <COMPANY NAME> employee should report the matter to their supervisor
immediately.
2. Using a reasonable amount of <COMPANY NAME> resources for personal emails is
acceptable, but nonwork related email shall be saved in a separate folder from work related
email.
3. Employees shall have no expectation of privacy in anything they store, send or receive on the
company’s email system. <COMPANY NAME> may monitor messages without prior notice.
<COMPANY NAME> is not obliged to monitor email messages.
4. Any employee found to have violated this policy may be subject to disciplinary action, up to
and including termination of employment.
5 CONCLUSION
We might have the most secure network or clear policies still as humans are unpredicted due
curiosity and greed without concern for the consequences, we could face our own version of a
Trojan tragedy [11]
. A paradox of social engineering attacks is that people are not only the
biggest problem and security risk, but also the best tool to defend against these attacks.
Organizations must fight social engineering attacks by establishing policies and procedures that
define roles and responsibilities for all users and not just security personnel. As well as
organization must ensure that, these policies and procedure are executed by users properly
hence regular training needs to be given on the latest such incidents.
REFERENCES
[1] Malware : Threat to the Economy, Survey Study by Mosin Hasan, National Conference IT and
Business Intelligence (ITBI - 08)
[2] White paper: Avoiding Social Engineering and Phishing Attacks,Cyber Security Tip ST04-014,
by Mindi McDowell,Carnegie Mellon University, June 2007.
[3] Book of 'People Hacking' by Harl
[4] FCAC Cautions Consumers About New “Vishing” Scam, Financial Consumer Agency of
Canada, July 25, 2006.
[5] Schulman, Jay. Voice-over-IP Scams Set to Grow, VoIP News, July 21, 2006.
[6] Spying Linux: Consequences, Technique and Prevention by Mosin Hasan, IEEE International
Advance Computing Conference (IACC’09)
[7] Redmon,- audit and policy Social Engineering manipulating source , Author: Jared Kee,SANS
institute.
[8] White paper ‘Management Update: How Businesses Can Defend against Social Engineering
Attacks’ published on March 16, 2005 by Gartner.
[9] White paper, Social Engineering:An attack vector most intricate to tackle by Ashish Thapar.
[10] The Origin of Social Engineering Bt Heip Dand MacAFEE Security Journal, Fall 2008.
[11] Psychology: A Precious Security Tool by Yves Lafrance,SANS Institute,2004.
[12] SOCIAL ENGINEERING: A MEANS TO VIOLATE A COMPUTER SYSTEM, By Malcolm
Allen, SANS Institute, 2007
[13] Inside Spyware – Techniques, Remedies and Cure by Mosin hasan Emerging Trends in
Computer Technology National Conference.