Multi-layered graph-based model for social engineering vulnerability assessment

International audienceAs technological and operational security measures for the protection of information systems are being widely adopted, it is much easier for a malicious user to launch an attack on an information system's weakest link, the humans operating it. Despite the damage that these attacks can cause, they are rarely taken into account in vulnerability assessment models. These models usually focus on representing the internal states of an information system, whereas social engineering attacks often start by gathering information and building relationships with the potential victims, which tends to occur outside an information system's gates. Hence, a model assessing social engineering threats should be able to account for the different channels which could be used to approach victims (professional mail, personnel mail, on-line social networks, etc). Although security professionals might not monitor some of the channels leveraged in an attack, a comprehensive vulnerability assessment model would allow the assessment of the likelihood and cost of a successful breach and tailor a security awareness programs to avoid it. We describe in this paper a multi-layered graph-based model for social engineering vulnerability assessment. We then present case studies in which vulnerabilities in an automated social engineering attack and an automated reverse social engineering attack in addition to vulnerabilities from interactions in different social networking sites, blogs and forums are assessed using this model

Social Engineering Threat Assessment Using a Multi-Layered Graph-Based Model

International audienceDuring this last decade, there have been major improvements in technological and operational security measures for the protection of information systems. This makes attacking the physical or technological infrastructure of an information system much more difficult than targeting humans operating them. The set of attacks that focus on deceiving humans is called social engineering. These attacks are rarely accounted for in vulnerability assessment models which usually focus on representing the internal states of information systems, while social engineering attack makes use of channels outside the gates of an information system (email, forums, on-line social networks, etc.). This paper introduces a comprehensive social engineering threat assessment model that represents different channels leveraged in social engineering attacks. It presents case studies where the model is used for assessing threats from specific attacks and from interactions on social media. In the first case study, a threat assessment method that relies on the presented model is introduced and used to detect malicious credit card resellers. The second case study concerns the assessment of threats from a recommendation based attack and a cross cite profile cloning attack. The last case study concerns the detection of vulnerable social media users based on their activities on two different platforms

Collective classification in social networks

International audienceClassification is one of the most studied subjects in machine learning. Most classification methods that were developed this last decade either account for structure (interactions, relationships) or attributes (text, numerical, etc). This leads to ignoring significant patterns in a dataset that could only be captured by analyzing the features of an item and its interactions. Collective classification methods use both structure and attributes, often by aggregating data from neighbors of a node and learning a model on the aggregated data. In social networks, the degree distribution of nodes follows a power law where few nodes have many neighbors. High degree nodes have incoming links from low degree nodes of different classes and many nodes have very few edges. Hence, using only local structure may lead to poor predictions. Also, many social networks allow for different types of interactions (retweet, reply, like, etc.) that affect classification differently. This article proposes a collective classification method that makes use of the structure of a network to determine its neighbors. It then presents experiments aimed at detecting jihadi propagandists and malware distributors on social networks

A dynamic approach to detecting suspicious profiles on social platforms

International audienc

A Gibbs Sampling based method for collective classification in multilayer social networks

International audienceThis last decade has witnessed a rise in the interest for methods that combine both features and interactions in a dataset. Such methods are referred to as collective classification methods. Although their popularity is increasing, they are largely underrepresented in comparison with methods that use only features or only interactions, and despite the availability of datasets that contain both modes. This study proposes a collective classification method that aggregates both structural and attribute features from an element and its neighborhood. It defines the neighborhood of elements in a multilayer network such that neighbors are more likely to belong to the same class. It then learns a model using features of an elements and of its neighbors Finally, a variation of the Gibbs sampling method for collective classification is performed using varying neighborhoods

A Gibbs Sampling based method for collective classification in multilayer social networks

International audienceThis last decade has witnessed a rise in the interest for methods that combine both features and interactions in a dataset. Such methods are referred to as collective classification methods. Although their popularity is increasing, they are largely underrepresented in comparison with methods that use only features or only interactions, and despite the availability of datasets that contain both modes. This study proposes a collective classification method that aggregates both structural and attribute features from an element and its neighborhood. It defines the neighborhood of elements in a multilayer network such that neighbors are more likely to belong to the same class. It then learns a model using features of an elements and of its neighbors Finally, a variation of the Gibbs sampling method for collective classification is performed using varying neighborhoods

Familiar strangers detection in online social networks

International audienc

The attacker's Perspective of the shield system of a target: a framework to improve resilience assessment

International audienceThe aim of this paper is to present a new approach to the resilience of the defense system (DEFS) of a target based on the viewpoint of the attacker. We begin by dividing the defense system into three shields: the threats anticipation system, the detection system and the system dedicated to protective measures. From this framework we then show that these three systems play an important role in the process of resilience that encompasses three aspects: the level of preparedness, the ability to respond and the potential for recovery

Interdependency-based approach of complex events in critical infrastructure under crisis: a first step toward a global framework

International audienc

A dynamic approach to detecting suspicious profiles on social platforms

International audienc