CN113055366A - Social engineering attack simulation and verification quantitative evaluation method - Google Patents

Info

Publication number: CN113055366A
Authority: CN (China)
Prior art keywords: attack, social engineering, verification, simulation, evaluation method
Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Application number: CN202110244730.6A
Other languages: Chinese (zh)
Inventors: 王伟, 齐亚灵, 韩昫
Current assignee: Beijing Jiaotong University
Original assignee: Beijing Jiaotong University
Priority date: 2021-03-05
Filing date: 2021-03-05
Publication date: 2021-06-29

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a social engineering attack simulation and verification quantitative evaluation method comprising the following steps: step 1, determining an attack load from a disguised identity selected for a selected attack target and a specific attack means chosen for a weak point of the attacked party; step 2, evaluating the severity and the lethality of the consequences caused by the attack load; step 3, selecting a corresponding defense means according to the evaluation result of step 2 to intercept social engineering attacks; and step 4, constructing an index system for simulation and verification, and evaluating the simulation result. The method can be used to simulate the attack chain in social engineering and to study it comprehensively through confirmation of the attack load, evaluation of the attack consequences and evaluation of the defense effect, providing a theoretical basis and a practical method for formulating reasonable security assurance measures for communication networks and for formulating communication network attack strategies for both friendly and adversary parties.

Description

Social engineering attack simulation and verification quantitative evaluation method
Technical Field
The invention relates to the technical field of network security, in particular to a social engineering attack simulation and verification quantitative evaluation method.
Background
Social engineering applies the research methods used on objects to the study of people, and has become a tool of technical control. It carries out deception, harm and similar damage by exploiting the psychological weaknesses, instinctive reactions, curiosity, trust, greed and other psychological traps of victims. A social engineering attack uses these human psychological characteristics to trick users out of information, to obtain confidential information, system settings and other public data, and to create favourable conditions for hacker attacks and virus infection. Once network security technology has developed to a certain level, the deciding factor is no longer technology but people and management. Tactics used in social engineering attacks include: persuasive talkers, forged similar information backgrounds, posing as a newcomer in order to be drawn into the organization, exploiting the opportunity of an interview, having no contraindication for the malicious people, pretending to be known, American counting, external harmony and fashion good idea, being the tomb nameplate of the good and good people, and using technical communication.
The theoretical simulation evaluates the reliability of a virtual dynamic social network modeling platform built on a behavior analysis and prediction model and a network event propagation model. The success rate SR of a scheme represents the degree to which the actual attack effect of the scheme meets the expected attack effect; it is the basis for evaluating the quality of the attack scheme and is generally expressed as a percentage. By analogy with the definition of the success rate, an index coverage rate F can be defined: the coverage rate represents the degree to which the actual attack effect of the scheme covers the predicted attack indexes. In general, therefore, the more comprehensively the simulated indexes are covered, the more complete the obtained characteristics of the target person or target group are, and the higher the reliability of the constructed social network modeling platform. Different network attack schemes can be generated for different attack tasks, so the quantitative description of the indexes also differs.
Some researchers have worked in the field of social engineering assessment, attack and defense, but such studies remain relatively scarce. Because China is still insufficiently developed in information security infrastructure and in modern network information warfare research, a deeper and more comprehensive investigation is needed to provide a theoretical basis and a practical method for formulating reasonable security assurance measures for communication networks and for formulating communication network attack strategies for both friendly and adversary parties.
Disclosure of Invention
The invention aims to provide a social engineering attack simulation and verification quantitative evaluation method for simulating an attack chain in social engineering and evaluating its attack effect.
To achieve this purpose, the technical scheme of the invention is as follows. A social engineering attack simulation and verification quantitative evaluation method comprises the following steps:
step 1, determining an attack load from a disguised identity selected for a selected attack target and a specific attack means chosen for a weak point of the attacked party;
step 2, evaluating the severity and the lethality of the consequences caused by the attack load;
step 3, selecting a corresponding defense means according to the evaluation result of step 2 to intercept social engineering attacks;
and step 4, constructing an index system for simulation and verification, and evaluating the simulation result.
Further, before step 1, information about the attack target is collected; the disguised identity is selected using this information, and the vulnerability of the attacked party is determined.
Further, the information collection modes for the attack target include administrator user information collection, server system information collection and network information collection.
Further, the severity evaluation of the attack consequences covers network system damage, personal privacy data leakage, loss of control over operation and maintenance privileges, network system damage and propagation of harmful information.
Further, the lethality evaluation of the attack consequences covers the click rate of key information collection, the download rate of malicious software and malicious executable files, the execution rate of the malicious executable files, the range of the attack target population, the application scenario of the attack method and the generality of the attack load transmission paths.
Further, the defense means include:
awareness training, which improves the sensitivity of users to semantic attacks;
sandbox testing, which tests untrusted operations in a virtualized computer environment;
monitoring, which observes computer system behavior generated by user or programmed actions through collection, aggregation and analysis mechanisms;
integrity checking, which lets the user judge whether a website or data is trustworthy by providing a visual response and associated documentation;
machine learning, which defends against known and potential attacks and distinguishes legitimate from illegitimate data by performing malware detection.
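The index system of steps 2 to 4 together with the success rate SR and coverage rate F defined in the background, as an added Python sketch that is not code from the patent or its authors: the patent names the severity categories, lethality indicators and defense means but gives no formulas, so the percentage definitions, the 0 to 3 severity scale, the 0 to 1 indicator scores, the indicator-to-defense mapping and the SimulationResult sample are this example's own assumptions, written for scoring a sanctioned awareness exercise.

```python
from dataclasses import dataclass
from typing import Dict, List

# Severity categories named in the patent (step 2); its duplicated entry is collapsed.
SEVERITY_CATEGORIES = ("network_system_damage", "personal_privacy_data_leakage",
                       "ops_and_maintenance_privilege_loss", "harmful_information_propagation")
SEVERITY_MAX = 3  # assumed scale per category: 0 = none ... 3 = high
# Lethality indicators named in the patent; each is assumed to be scored in [0, 1].
LETHALITY_INDICATORS = ("key_info_click_rate", "malware_download_rate",
                        "executable_execution_rate", "target_population_range",
                        "scenario_applicability", "transmission_path_generality")
# Assumed mapping (not from the patent) from an indicator to one of the listed defense means.
DEFENSE_FOR_INDICATOR = {
    "key_info_click_rate": "awareness training",
    "malware_download_rate": "integrity checking",
    "executable_execution_rate": "sandbox testing",
    "target_population_range": "monitoring",
    "scenario_applicability": "awareness training",
    "transmission_path_generality": "machine learning detection",
}


@dataclass
class SimulationResult:
    """Observed outcome of one simulated attack load (all fields are constructed inputs)."""
    expected_effect: float       # planned effect, e.g. fraction of users expected to click
    actual_effect: float         # effect observed in the simulation
    severity: Dict[str, int]     # category -> level 0..SEVERITY_MAX (missing = 0)
    lethality: Dict[str, float]  # indicator -> score in [0, 1] (missing = 0)
    indexes_covered: List[str]   # indexes the simulation actually measured
    indexes_planned: List[str]   # full index system constructed in step 4


def success_rate(r: SimulationResult) -> float:
    """SR: degree to which the actual effect meets the expected effect, in % (capped at 100)."""
    if r.expected_effect <= 0:
        raise ValueError("expected_effect must be positive")
    return round(100.0 * min(r.actual_effect / r.expected_effect, 1.0), 1)


def coverage_rate(r: SimulationResult) -> float:
    """F: share of the planned index system the simulation measured, in %; unplanned indexes do not count."""
    planned = set(r.indexes_planned)
    if not planned:
        raise ValueError("index system is empty")
    return round(100.0 * len(planned & set(r.indexes_covered)) / len(planned), 1)


def _mean_percent(values: Dict[str, float], keys, upper: float, label: str) -> float:
    """Mean of values[key] (default 0) over keys, as % of upper, with range checking."""
    total = 0.0
    for key in keys:
        v = values.get(key, 0)
        if not 0 <= v <= upper:
            raise ValueError(f"{label} value out of range for {key}")
        total += v
    return round(100.0 * total / (upper * len(keys)), 1)


def severity_score(r: SimulationResult) -> float:
    """Mean severity level over the categories, as % of SEVERITY_MAX."""
    return _mean_percent(r.severity, SEVERITY_CATEGORIES, SEVERITY_MAX, "severity")


def lethality_score(r: SimulationResult) -> float:
    """Mean indicator score over the lethality indicators, in %."""
    return _mean_percent(r.lethality, LETHALITY_INDICATORS, 1.0, "lethality")


def select_defenses(r: SimulationResult, threshold: float = 0.5) -> List[str]:
    """Step 3: defense means for every indicator scored at or above the threshold."""
    hits = [DEFENSE_FOR_INDICATOR[i] for i in LETHALITY_INDICATORS
            if r.lethality.get(i, 0.0) >= threshold]
    return list(dict.fromkeys(hits))  # deduplicate while keeping indicator order


# Constructed sample: one simulated phishing-mail load in a sanctioned awareness exercise.
SAMPLE = SimulationResult(
    expected_effect=0.25, actual_effect=0.10,
    severity={"personal_privacy_data_leakage": 2, "network_system_damage": 1},
    lethality={"key_info_click_rate": 0.6, "malware_download_rate": 0.3, "executable_execution_rate": 0.3},
    indexes_covered=["key_info_click_rate", "malware_download_rate", "personal_privacy_data_leakage", "unplanned_index"],
    indexes_planned=list(SEVERITY_CATEGORIES) + list(LETHALITY_INDICATORS),
)
```

Lowering the threshold in select_defenses widens the set of defense means, which is the knob a defender tunes between cost and coverage.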
The beneficial effects of the invention are: the method can be used to simulate the attack chain in social engineering and to study it comprehensively through confirmation of the attack load, evaluation of the attack consequences and evaluation of the defense effect; it partly makes up for China's deficiencies in information security infrastructure and modern network information warfare research, and provides a theoretical basis and a practical method for formulating reasonable security assurance measures for communication networks and communication network attack strategies for both friendly and adversary parties.
Drawings
Fig. 1 is a flow chart of a social engineering simulation and verification method based on phishing mails according to an embodiment of the invention.
Detailed Description
The embodiments of the present invention will be described in detail below, examples of which are illustrated in the accompanying drawings, and the embodiments described below by referring to the drawings are exemplary only for the purpose of illustrating the present invention and are not to be construed as limiting the present invention. It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein. The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings.
As shown in Fig. 1, a social engineering simulation and verification method based on phishing mails, which can simulate the formation of an attack chain, evaluate the attack effect and provide a corresponding defense means, comprises the following processing steps:
Step S1: collect the network registration accounts and information of the target system by social engineering means such as network search engines, on-site investigation and telephone enquiry, thereby determining the attack target.
In this example the attacker determines the attack target by gathering information about the specific target: a cheerful and self-disciplined character, financial assets, interest in stocks, posts forwarded on social platforms and some comment content, and democratic tendencies.
The manner of obtaining user information is shown in the following table:
(Table of user information acquisition methods: an image in the original, not reproduced in this extraction.)
Step S2: for the selected attack target, select the identity the attacker needs to disguise as to ensure the attack succeeds.
This trusted disguised identity makes the attacker appear to be a known entity, such as a company employee or a sender from a domain resembling that of a trusted partner, so that the target trusts the attacker and clicks the URL or malicious advertisement in the mail the attacker sends. For the specific target in this example, the attacker sends malicious advertisements to the target and performs NFC phishing and Bluetooth phishing: when sending advertisements the attacker poses as an advertiser, the advertisements can be disguised as coming from the Red Cross, and for the NFC phishing the device needs to be disguised as a device familiar to the target.
Step S3: exploit some inherent weaknesses of the attacked party to ensure the attack succeeds.
A user lacking precautionary awareness opens a malicious advertisement carrying a macro virus; after the click a malicious Installer runs automatically and releases and loads a Rootkit kernel driver; the Rootkit then injects an APC thread into the critical system process svchost.exe (injected module main.dll); main.dll opens a local network port and actively connects to an external command server over HTTPS, and once the connection succeeds it waits for the attacker to issue instructions and can download further hacker tools or plug-ins. At the same time, the user's poor precautionary awareness is exploited: when the user holds a mobile phone against a legitimate-looking surface (such as a Red Cross donation poster), a maliciously modified NFC tag interacts with the NFC software on the smartphone and directs the user to a malicious website instead of the Red Cross donation page; and when the user makes a Bluetooth connection, it is easy to connect inadvertently to the attacker's device.
Step S4: after the preparatory work of the early stage of the attack is completed, a corresponding attack load can be formulated.
After the first three steps are completed, the corresponding attack load can be formulated from the determined attack target, the attacker's disguised identity and the adopted attack mode. The attack load (the attack payload) refers to the attack strategy formed from the identity, the means and the character weakness of the attacked party used to attack the user.
Step S5: select different attack loads to produce different attack results, and evaluate the simulation effect.
The target person Li Ming is attacked. Through a certain channel the platform obtains Li Ming's character (cheerful and self-disciplined), financial assets, interest in stocks, posts forwarded and some comments made on a social platform, democratic tendencies and religious beliefs, and uses them to simulate the person; the attack modes are malicious advertising, NFC phishing and Bluetooth phishing, and the index coverage rate of the platform at this point is 11.9 percent.
Step S6: the scope of semantic attacks is wide and constantly developing, so the defense strategies are also diverse.
The weakness exploited by the attacker in this example is mainly the attacked party's poor defensive awareness. Since user deception is the main attack mode, user awareness training can improve the user's sensitivity to social engineering attacks to a certain extent. Continuous learning is the core of a defense-in-depth model; under semantic attack, interactive training, for example through tests or games, improves learning and awareness the most.
In conclusion, the method can be used to simulate the attack chain in social engineering and to study it comprehensively through confirmation of the attack load, evaluation of the attack consequences and evaluation of the defense effect; it partly makes up for China's deficiencies in information security infrastructure and modern network information warfare research, and provides a theoretical basis and a practical method for formulating reasonable communication network security assurance measures and communication network attack strategies for both friendly and adversary parties.
The above description covers only the preferred embodiment of the present invention; the scope of the present invention is not limited thereto, and any changes or substitutions that can easily be conceived by those skilled in the art within the technical scope of the present invention fall within its scope. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (6)

1. A social engineering attack simulation and verification quantitative evaluation method is characterized by comprising the following steps:
step 1, determining an attack load from a disguised identity selected for a selected attack target and a specific attack means chosen for a weak point of the attacked party;
step 2, evaluating the severity and the lethality of the consequences caused by the attack load;
step 3, selecting a corresponding defense means according to the evaluation result obtained in the step 2 to intercept social engineering attacks;
and step 4, constructing an index system for simulation and verification, and evaluating the simulation result.
2. The social engineering attack simulation and verification quantitative evaluation method as claimed in claim 1, wherein before step 1, information about an attack target is collected and used to select a disguised identity and to determine the vulnerability of the attacked party.
3. The social engineering attack simulation and verification quantitative evaluation method as claimed in claim 2, wherein the information collection manner of the attack target includes administrator user information collection, server system information collection and network information collection.
4. The social engineering attack simulation and verification quantitative evaluation method as claimed in claim 1, wherein the severity evaluation of the attack consequences comprises network system destruction, personal privacy data disclosure, loss of control of operation and maintenance authority, network system destruction, and malicious information propagation.
5. The social engineering attack simulation and verification quantitative evaluation method as claimed in claim 1, wherein the lethality evaluation of the attack consequences comprises the click rate of key information collection, the download rate of malicious software and malicious executable files, the execution rate of the malicious executable files, the range of the attack target population, the application scenario of the attack method and the generality of the attack load transmission paths.
6. The social engineering attack simulation and verification quantitative evaluation method of claim 1, wherein the defense means comprise:
awareness training, which improves the sensitivity of users to semantic attacks;
sandbox testing, which tests untrusted operations in a virtualized computer environment;
monitoring, which observes computer system behavior generated by user or programmed actions through collection, aggregation and analysis mechanisms;
integrity checking, which lets the user judge whether a website or data is trustworthy by providing a visual response and associated documentation;
machine learning, which defends against known and potential attacks and distinguishes legitimate from illegitimate data by performing malware detection.

Priority Applications (1)

Application number CN202110244730.6A; priority date 2021-03-05; filing date 2021-03-05; title: Social engineering attack simulation and verification quantitative evaluation method.

Publications (1)

Publication number CN113055366A; publication date 2021-06-29.

Family

ID=76510114

Country Status (1)

CN: CN113055366A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN115208638A (en) * | 2022-06-24 | 2022-10-18 | 深圳零时科技有限公司 | Network security awareness assessment method and device
CN115208638B (en) * | 2022-06-24 | 2024-04-16 | 深圳零时科技有限公司 | Network security awareness assessment method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101682626A (en) * | 2007-05-24 | 2010-03-24 | 爱维技术解决方案私人有限公司 | Method and system for simulating a hacking attack on a network
CN108183888A (en) * | 2017-12-15 | 2018-06-19 | 恒安嘉新(北京)科技股份公司 | A social engineering network intrusion path detection method based on the random forest algorithm
CN109067637A (en) * | 2018-06-15 | 2018-12-21 | 北京首联信通科技有限公司 | Network information security awareness education method and device, and storage medium
CN109861977A (en) * | 2018-12-28 | 2019-06-07 | 北京红山瑞达科技有限公司 | A method for improving personnel awareness of network security

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
杨军: "Research on social engineering in network information security", 2012 International Conference on Earth Science and Remote Sensing *
王琦, 李梦雅, 汤奕, 倪明: "A review of cyber attack and defense research on power cyber-physical systems (I): modeling and assessment", Automation of Electric Power Systems *
罗玉梅: "Research on the application of social engineering in network security", Wireless Internet Technology *

Similar Documents

Publication Publication Date Title
Aldawood et al. An academic review of current industrial and commercial cyber security social engineering solutions
Al-Otaibi et al. A study on social engineering attacks: Phishing attack
Parmar et al. On the Use of Cyber Threat Intelligence (CTI) in Support of Developing the Commander's Understanding of the Adversary
CN105141573A (en) Security protection method and security protection system based on WEB access compliance auditing
Smith et al. Ethical hacking: Skills to fight cybersecurity threats
Apruzzese et al. Spacephish: The evasion-space of adversarial attacks against phishing website detectors using machine learning
Veprytska et al. AI powered attacks against AI powered protection: Classification, scenarios and risk analysis
Baadel et al. Cybersecurity awareness: A critical analysis of education and law enforcement methods
Basholli et al. Training of information technology personnel through simulations for protection against cyber attacks
CN113055366A (en) Social engineering attack simulation and verification quantitative evaluation method
Thompson Terrorizing the Technological Neighborhood Watch: The Alienation and Deterrence of the White Hats under the CFAA
Porch Spoiling for a Fight: Hacking Back with the Active Cyber Defense Certainty Act
Karamagi A Review of Factors Affecting the Effectiveness of Phishing
Kakareka What Is Vulnerability Assessment?
Savaglia et al. CYBERSECURITY VULNERABILITY ANALYSIS VIA VIRTUALIZATION.
Hwang et al. An Exploratory Study on Artifacts for Cyber Attack Attribution Considering False Flag: Using Delphi and AHP methods
László National cybersecurity strategy framework
Puchkov et al. Criteria for Classification of Cyber-training and Analysis of Organizational and Technical Platforms for Their Conduct.
Sun et al. Analysis of influence for social engineering in information security grade test
Lagesse et al. Securing pervasive systems against adversarial machine learning
Bhardwaj Cybersecurity incident response against advanced persistent threats (APTs)
CN116074114B (en) Network target range defense efficiency evaluation method, device, equipment and storage medium
Labuschagne et al. The dark side of Web 2.0
Broberg et al. The Human Element of Cybersecurity: A Literature Review of Social Engineering Attacks and Countermeasures
RU2763115C1 (en) Method for adjusting the parameters of a machine learning model in order to identify false triggering and information security incidents

Legal Events

Code | Title | Description
PB01 | Publication | Application publication date: 2021-06-29
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication |