LEVERAGING AI AND CLOUD COMPUTING TO ENHANCE CYBERSECURITY AGAINST SOCIAL ENGINEERING THREATS
Keywords:
Social Engineering Attacks, Artificial Intelligence (AI), Cloud Services, Cybersecurity, Machine Learning
Abstract
The rapid advancement of technology has led to an increase in the frequency and sophistication of social engineering attacks, which exploit human psychology to breach organizational defences and gain unauthorized access to sensitive information. This article explores the crucial role of Artificial Intelligence (AI) and cloud services in enhancing cybersecurity and thwarting social engineering attacks. By leveraging the power of machine learning, big data analytics, and cloud-based platforms, organizations can detect phishing attempts, analyze user behavior, predict potential threats, enhance authentication processes, deliver personalized security awareness training, and automate incident response and remediation. The article provides an overview of social engineering attacks, including their definition, characteristics, types, and impact, and delves into the various ways AI and cloud services can be utilized to combat these threats. It also discusses the challenges and ethical considerations surrounding the use of AI in cybersecurity and emphasizes the importance of a proactive and adaptive approach to staying ahead of evolving social engineering tactics. The article concludes by highlighting the need for future research and development in AI-driven cybersecurity solutions and the importance of collaboration between academia, industry, and government to drive innovation in this field.