Social Engineering in Cybersecurity: A Domain Ontology and Knowledge Graph Application Examples
Zuoguang Wang, Hongsong Zhu, Peipei Liu, Limin Sun

TL;DR
This paper develops a domain ontology and knowledge graph for social engineering in cybersecurity, enabling better understanding, analysis, and detection of social engineering attacks through structured knowledge and application examples.
Contribution
It introduces a formal domain ontology and constructs a knowledge graph for social engineering, facilitating analysis and sharing of domain knowledge in cybersecurity.
Findings
Ontology defines 11 core concepts and 22 relations for social engineering.
Knowledge graph built from 15 attack incidents demonstrates practical applications.
Applications include threat analysis, attack path discovery, and incident understanding.
Abstract
Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect the social engineering domain, together with 22 kinds of relations describing how these entities are related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with…
