Model of Social Influence in Analysis of Socio-engineering Attacks

The purpose of this study is to study the modernization of the model of an attacker’s social engineering attack on a user, taking into account a wider range of factors influencing the success of a social engineering attack associated with the principles of social influence. Methods. To achieve this goal, the approaches to social influence and the components of social influence were analyzed. An integrated circuit of social influence is built, grounding in the context of socio-engineering attacks. Results. A model of social influence is proposed, built in the context of an attacker’s social engineering attack on a user. A new interpretation of the term user vulnerability in the context of information security has been proposed. Conclusion. The result obtained forms the potential of filling the user and attacker models with specific vulnerabilities and competencies, which will lead to a more accurate assessment of the success of the attacker’s social engineering attack on the user, due to the aggregation of information from incidents that have occurred.

1. Abramov M. V. Model of the profile of the attacker’s competencies in the task of analyzing the security of information systems personnel from socioengineering attacks / M. V. Abramov, A. A. Azarov, T. V. Tulupyeva, A. L. Tulupyev // Information and control systems [Informatsionno-upravlyayushchie sistemy]. 2016. No. 4. P. 77–84. (In rus)

2. Abramov M. V., Tulupiev A. L., Tulupyeva T. V. Psychological features, mental states of the user and profile of his vulnerabilities in the context of socioengineering attacks // Psychology of mental states: collection of articles of students, undergraduates, graduate students and young scientists. Kazan, 2019. P. 312–317. (In rus)

3. Abramov M. V., Tulupyeva T. V., Tulupyev A. L. Socioengineering attacks: social networks and assessments of user security. St. Petersburg: GUAP, 2018. 266 p. (In rus)

4. Gardner H. The Arts And Human Development: translation from English. M., 2008. 247 p. (In rus)

5. Grachev G., Melnik I. Manipulation of personality. M, 2003. 376 p. (In rus)

6. Docenko E. L. Psychology of manipulation: phenomena, mechanisms and defenses. M.: CheRo, Moscow State University Publishing House, 1997. 344 p. (In rus)

7. Zimbardo F., Leipe M. Social influence. St. Petersburg, 2001. 448 p. (In rus)

8. Kabachenko T. S. Methods of psychological impact: teaching manual. M.: Pedagogical Society of Russia, 2000. 544 p. (In rus)

9. Lvov D. E. Psychology of interpersonal influence: teaching method. allowance. Izhevsk, 2005. 110 p. (In rus)

10. Olshansky D. V. Psychology of the masses. St. Petersburg: Piter, 2001. 363 p. (In rus)

11. Puyu Yu. V. Origins and the genesis of the phenomenon of manipulation // News of the Russian Herzen State Pedagogical University [Izvestiya Rossiiskogo gosudarstvennogo pedagogicheskogo universiteta im. A. I. Gertsena]. 2009. No. 90. P. 138–143. (In rus)

12. Semechkin N. I. Psychology of social influence. St. Petersburg: Speech, 2004. 304 p. (In rus)

13. Sereda E. I. Social influence as a subject of psychological research // Bulletin of Pskov State University. Series: Social and Humanities Sciences [Vestnik Pskovskogo gosudarstvennogo universiteta. Ser.: Sotsial’no-gumanitarnye nauki]. 2009. No. 9. P. 124–129. (In rus)

14. Sidorenko E. V. Training influence and opposition to influence. St. Petersburg: Speech. 2002. 225 p. (In rus)

15. Socioengineering attacks. Problems of analysis / A. A. Azarov, T. V. Tulupyeva, A. V. Suvorova, A. L. Tulupyev, M. V. Abramov, R. M. Yusupov. St. Petersburg: Science, 2016. 352 p. (In rus)

16. Turner J. Social influence. St. Petersburg, 2003. 256 p. (In rus)

17. Sheynov V. P. Hidden human control. M.: AST. 2005. 816 p. (In rus)

18. Abramov M. V., Tulupyev A. L. Soft estimates of user protection from social engineering attacks: fuzzy combination of user vulnurabilities and malefactor competencies in the attacking impact success prediction // Artificial Intelligence and Natural Language. 2019. P. 47–58.

19. Jones E. E., Pittman T. S. Toward a General Theory of Strategic Self-Presentation // Psychological Perspectives on the Self / ed. J. Suls, 1982. Vol. 1. Erlbaum, Hillsdale. P. 231–262.

20. Michael A., Eloff J. Discovering “Insider IT Sabotage” based on human behaviour // Information and Computer Security. 2020. Vol. 28. N 4. P. 575–589.

21. Rubia F., Affan Y., Lin L., Wang J. at al. Data for: Are the Con Artists Back? Deciphering Social Engineering Attacks. 2019. 04 августа [Electronic resource]. URL: https://data.mendeley.com/datasets/yw2djp4vdg/1 (date of the address: 12.02.2021).