<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">managementranepa</journal-id><journal-title-group><journal-title xml:lang="ru">Управленческое консультирование</journal-title><trans-title-group xml:lang="en"><trans-title>Administrative Consulting</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1726-1139</issn><issn pub-type="epub">1816-8590</issn><publisher><publisher-name>Russian Presidential Academy of National Economy and Public Administration. North-West Institute of Management.</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.22394/1726-1139-2021-8-97-107</article-id><article-id custom-type="elpub" pub-id-type="custom">managementranepa-1763</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ОБЩЕСТВО И РЕФОРМЫ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>SOCIETY AND REFORMS</subject></subj-group></article-categories><title-group><article-title>Модель социального влияния в анализе социоинженерных атак</article-title><trans-title-group xml:lang="en"><trans-title>Model of Social Influence in Analysis of Socio-engineering Attacks</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Тулупьева</surname><given-names>Т. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Tulupieva</surname><given-names>T. V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Тулупьева Татьяна Валентиновна, доцент факультета государственного и муниципального управления, кандидат психологических наук, доцент</p><p>Санкт-Петербург</p></bio><bio xml:lang="en"><p>Tatyana V. Tulupieva, Associate Professor of the Faculty of State and Municipal Management, PhD in Psychology, Associate Professor</p><p>Saint-Petersburg</p></bio><email xlink:type="simple">tulupeva-tv@ranepa.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Абрамов</surname><given-names>М. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Abramov</surname><given-names>M. V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Абрамов Максим Викторович, руководитель лаборатории теоретических и междисциплинарных проблем информатики, кандидат технических наук</p><p>Санкт-Петербург</p></bio><bio xml:lang="en"><p>Maxim V. Abramov, Head of the Laboratory of Theoretical and Interdisciplinary Problems of Informatics, PhD in Technical Science</p><p>Saint-Petersburg</p></bio><email xlink:type="simple">mva@dscs.pro</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Тулупьев</surname><given-names>А. Л.</given-names></name><name name-style="western" xml:lang="en"><surname>Tulupiev</surname><given-names>A. L.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Тулупьев Александр Львович, профессор кафедры информатики, доктор физико-математических наук, профессор</p><p>Санкт-Петербург</p></bio><bio xml:lang="en"><p>Alexander l. Tulupiev, Professor of the Department of Informatics, Doctor of Science (Physics and Mathematics), professor</p><p>Saint-Petersburg</p></bio><email xlink:type="simple">alt@dscs.pro</email><xref ref-type="aff" rid="aff-3"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Российская академия народного хозяйства и государственной службы при Президенте Российской Федерации (Северо-Западный институт управления РАНХиГС)</institution></aff><aff xml:lang="en"><institution>Russian Presidential Academy of National Economy and Public Administration (North-West Institute of Management, Branch of RANEPA)</institution></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Санкт-Петербургский федеральный исследовательский центр Российской академии наук</institution></aff><aff xml:lang="en"><institution>Saint-Petersburg Federal Research Centre of the Russian Academy of Sciences</institution></aff></aff-alternatives><aff-alternatives id="aff-3"><aff xml:lang="ru"><institution>Санкт-Петербургский государственный университет</institution></aff><aff xml:lang="en"><institution>Saint-Petersburg State University</institution></aff></aff-alternatives><pub-date pub-type="collection"><year>2021</year></pub-date><pub-date pub-type="epub"><day>15</day><month>10</month><year>2021</year></pub-date><volume>0</volume><issue>8</issue><fpage>97</fpage><lpage>107</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Тулупьева Т.В., Абрамов М.В., Тулупьев А.Л., 2021</copyright-statement><copyright-year>2021</copyright-year><copyright-holder xml:lang="ru">Тулупьева Т.В., Абрамов М.В., Тулупьев А.Л.</copyright-holder><copyright-holder xml:lang="en">Tulupieva T.V., Abramov M.V., Tulupiev A.L.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.acjournal.ru/jour/article/view/1763">https://www.acjournal.ru/jour/article/view/1763</self-uri><abstract><p>Целью данного исследования является модернизация модели социоинженерной атаки злоумышленника на пользователя, учитывающая более широкий круг факторов, влияющих на успех социоинженерной атаки, ассоциированных с принципами социального влияния. Методы. Для достижения поставленной цели были проанализированы подходы к социальному влиянию и составляющие социального влияния. Построена интегральная схема социального влияния, приземленная на контекст социоинженерных атак. Результаты. Предложена модель социального влияния, построенная в контексте социоинженерной атаки злоумышленника на пользователя. Предложено новое толкование термина уязвимость пользователя в контексте защиты информации. Выводы. Полученный результат формирует потенциал наполнения моделей пользователя и злоумышленника конкретными уязвимостями и компетенциями, что приведет к уточнению оценок успеха социоинженерной атаки злоумышленника на пользователя, за счет агрегации сведений из произошедших инцидентов.</p></abstract><trans-abstract xml:lang="en"><p>The purpose of this study is to study the modernization of the model of an attacker’s social engineering attack on a user, taking into account a wider range of factors influencing the success of a social engineering attack associated with the principles of social influence. Methods. To achieve this goal, the approaches to social influence and the components of social influence were analyzed. An integrated circuit of social influence is built, grounding in the context of socio-engineering attacks. Results. A model of social influence is proposed, built in the context of an attacker’s social engineering attack on a user. A new interpretation of the term user vulnerability in the context of information security has been proposed. Conclusion. The result obtained forms the potential of filling the user and attacker models with specific vulnerabilities and competencies, which will lead to a more accurate assessment of the success of the attacker’s social engineering attack on the user, due to the aggregation of information from incidents that have occurred.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>социальное влияние</kwd><kwd>социоинженерные атаки</kwd><kwd>уязвимость пользователя</kwd><kwd>атакующее воздействие</kwd></kwd-group><kwd-group xml:lang="en"><kwd>social impact</kwd><kwd>socio-engineering attacks</kwd><kwd>user vulnerability</kwd><kwd>attack impact</kwd></kwd-group><funding-group><funding-statement xml:lang="ru">Работа выполнена в рамках проекта по государственному заданию СПБ ФИЦ РАН СПИИРАН № 0073-2019-0003; поддержана Санкт-Петербургским государственным университетом, проект № 73555239; при финансовой поддержке Фонда развития научных исследований и прикладных разработок СЗИУ РАНХиГС, РФФИ, проект № 20-07-00839.</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Абрамов М. В. Модель профиля компетенций злоумышленника в задаче анализа защищенности персонала информационных систем от социоинженерных атак / М. В. Абрамов, А. А. Азаров, Т. В. Тулупьева, А. Л. Тулупьев // Информационно-управляющие системы. 2016. № 4. С. 77–84.</mixed-citation><mixed-citation xml:lang="en">Abramov M. V. Model of the profile of the attacker’s competencies in the task of analyzing the security of information systems personnel from socioengineering attacks / M. V. Abramov, A. A. Azarov, T. V. Tulupyeva, A. L. Tulupyev // Information and control systems [Informatsionno-upravlyayushchie sistemy]. 2016. No. 4. P. 77–84. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Абрамов М. В., Тулупьев А. Л., Тулупьева Т. В. Психологические особенности, психические состояния пользователя и профиль его уязвимостей в контексте социоинженерных атак // Психология психических состояний : сб. статей студентов, магистрантов, аспирантов и молодых ученых. Казань, 2019. С. 312–317.</mixed-citation><mixed-citation xml:lang="en">Abramov M. V., Tulupiev A. L., Tulupyeva T. V. Psychological features, mental states of the user and profile of his vulnerabilities in the context of socioengineering attacks // Psychology of mental states: collection of articles of students, undergraduates, graduate students and young scientists. Kazan, 2019. P. 312–317. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Абрамов М. В., Тулупьева Т. В., Тулупьев А. Л. Социоинженерные атаки: социальные сети и оценки защищенности пользователей. СПб. : ГУАП, 2018. 266 с.</mixed-citation><mixed-citation xml:lang="en">Abramov M. V., Tulupyeva T. V., Tulupyev A. L. Socioengineering attacks: social networks and assessments of user security. St. Petersburg: GUAP, 2018. 266 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Гарднер Г. Искусство и наука влияния на взгляды людей. М., 2008. 247 с.</mixed-citation><mixed-citation xml:lang="en">Gardner H. The Arts And Human Development: translation from English. M., 2008. 247 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Грачев Г., Мельник И. Манипулирование личностью. М., 2003. 376 с.</mixed-citation><mixed-citation xml:lang="en">Grachev G., Melnik I. Manipulation of personality. M, 2003. 376 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Доценко Е. Л. Психология манипуляции: феномены, механизмы и защиты. М. : ЧеРо, Издательство МГУ, 1997. 344 с.</mixed-citation><mixed-citation xml:lang="en">Docenko E. L. Psychology of manipulation: phenomena, mechanisms and defenses. M.: CheRo, Moscow State University Publishing House, 1997. 344 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Зимбардо Ф., Ляйпе М. Социальное влияние. СПб., 2001. 448 с.</mixed-citation><mixed-citation xml:lang="en">Zimbardo F., Leipe M. Social influence. St. Petersburg, 2001. 448 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Кабаченко Т. С. Методы психологического воздействия: учеб. пособие. М. : Педагогическое общество России, 2000. 544 с.</mixed-citation><mixed-citation xml:lang="en">Kabachenko T. S. Methods of psychological impact: teaching manual. M.: Pedagogical Society of Russia, 2000. 544 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Львов Д. Е. Психология межличностного влияния : уч.-метод. пособие. Ижевск, 2005. 110 c.</mixed-citation><mixed-citation xml:lang="en">Lvov D. E. Psychology of interpersonal influence: teaching method. allowance. Izhevsk, 2005. 110 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Ольшанский Д. В. Психология масс. СПб. : Питер, 2001. 363 с.</mixed-citation><mixed-citation xml:lang="en">Olshansky D. V. Psychology of the masses. St. Petersburg: Piter, 2001. 363 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Пую Ю. В. Истоки и генезис феномена манипулирования // Известия Российского государственного педагогического университета им. А. И. Герцена. 2009. № 90. С. 138–143.</mixed-citation><mixed-citation xml:lang="en">Puyu Yu. V. Origins and the genesis of the phenomenon of manipulation // News of the Russian Herzen State Pedagogical University [Izvestiya Rossiiskogo gosudarstvennogo pedagogicheskogo universiteta im. A. I. Gertsena]. 2009. No. 90. P. 138–143. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Семечкин Н. И. Психология социального влияния. СПб. : Речь, 2004. 304 с.</mixed-citation><mixed-citation xml:lang="en">Semechkin N. I. Psychology of social influence. St. Petersburg: Speech, 2004. 304 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Середа Е. И. Социальное влияние как предмет психологического исследования // Вестник Псковского государственного университета. Сер.: Социально-гуманитарные науки. 2009. № 9. С. 124–129.</mixed-citation><mixed-citation xml:lang="en">Sereda E. I. Social influence as a subject of psychological research // Bulletin of Pskov State University. Series: Social and Humanities Sciences [Vestnik Pskovskogo gosudarstvennogo universiteta. Ser.: Sotsial’no-gumanitarnye nauki]. 2009. No. 9. P. 124–129. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Сидоренко Е. В. Тренинг влияния и противостояния влиянию. СПб. : Речь. 2002. 225 с.</mixed-citation><mixed-citation xml:lang="en">Sidorenko E. V. Training influence and opposition to influence. St. Petersburg: Speech. 2002. 225 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Социоинженерные атаки. Проблемы анализа / А. А. Азаров, Т. В. Тулупьева, А. В. Суворова, А. Л. Тулупьев и др. СПб. : Наука, 2016. 352 с.</mixed-citation><mixed-citation xml:lang="en">Socioengineering attacks. Problems of analysis / A. A. Azarov, T. V. Tulupyeva, A. V. Suvorova, A. L. Tulupyev, M. V. Abramov, R. M. Yusupov. St. Petersburg: Science, 2016. 352 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Тернер Дж. Социальное влияние. СПб., 2003. 256 с.</mixed-citation><mixed-citation xml:lang="en">Turner J. Social influence. St. Petersburg, 2003. 256 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Шейнов В. П. Скрытое управление человеком. М. : АСТ. 2005. 816 с.</mixed-citation><mixed-citation xml:lang="en">Sheynov V. P. Hidden human control. M.: AST. 2005. 816 p. (In rus)</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Abramov M. V., Tulupyev A. L. Soft estimates of user protection from social engineering attacks: fuzzy combination of user vulnurabilities and malefactor competencies in the attacking impact success prediction // Artificial Intelligence and Natural Language. 2019. P. 47–58.</mixed-citation><mixed-citation xml:lang="en">Abramov M. V., Tulupyev A. L. Soft estimates of user protection from social engineering attacks: fuzzy combination of user vulnurabilities and malefactor competencies in the attacking impact success prediction // Artificial Intelligence and Natural Language. 2019. P. 47–58.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Jones E. E., Pittman T. S. Toward a General Theory of Strategic Self-Presentation // Psychological Perspectives on the Self / ed. J. Suls, 1982. Vol. 1. Erlbaum, Hillsdale. P. 231–262.</mixed-citation><mixed-citation xml:lang="en">Jones E. E., Pittman T. S. Toward a General Theory of Strategic Self-Presentation // Psychological Perspectives on the Self / ed. J. Suls, 1982. Vol. 1. Erlbaum, Hillsdale. P. 231–262.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Michael A., Eloff J. Discovering “Insider IT Sabotage” based on human behaviour // Information and Computer Security. 2020. Vol. 28. N 4. P. 575–589.</mixed-citation><mixed-citation xml:lang="en">Michael A., Eloff J. Discovering “Insider IT Sabotage” based on human behaviour // Information and Computer Security. 2020. Vol. 28. N 4. P. 575–589.</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Rubia F., Affan Y., Lin L., Wang J. at al. Data for: Are the Con Artists Back? Deciphering Social Engineering Attacks. 2019. 04 августа [Электронный ресурс]. URL: https://data.mendeley.com/datasets/yw2djp4vdg/1 (дата обращения: 12.02.2021).</mixed-citation><mixed-citation xml:lang="en">Rubia F., Affan Y., Lin L., Wang J. at al. Data for: Are the Con Artists Back? Deciphering Social Engineering Attacks. 2019. 04 августа [Electronic resource]. URL: https://data.mendeley.com/datasets/yw2djp4vdg/1 (date of the address: 12.02.2021).</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
