Predicting Social Engineering Security Threats Using Fuzzy Logic
Small and large businesses are increasingly using new technology to store important resources, such as records, financial reports, personal and sensitive data. This paper investigates cybercriminals who use email-based social engineering to influence human behavior and consequently, the authors put forward a framework for mitigating such attacks. Recent findings highlight the heightened levels of cyber-attacks and poor condition of information security systems globally. The complexity of social engineering attacks calls for more attention and methods for mitigation. To this end, using Fuzzy Logic theory, the authors propose a Mamdani Fuzzy Inference Model (FIS) to produce risk mitigation of a company's security level deduced from the email social engineering attacks, since they are often focused on human subjective interpretation of ambiguity. Results show that centroid, bisector and MOM (Middle of Maxima) defuzzification methods produces a predicted accuracy of 90% for the company security level prediction, whilst the other more extreme defuzzification methods LOM (Largest of Maxima), SOM (Smallest of Maxima) achieves a negative result of ~75%, thus Centroid, MOM and Bisector provide the best accuracy.
The file attached to this record is the author's final peer reviewed version.
Citation : Morden, J., Khuman, A.S., Fasanmade, A., Lakoju, M. (2020) Predicting Social Engineering Security Threats Using Fuzzy Logic. 13th International Conference on the Developments on eSystems Engineering (DeSE2020), Online, December 2010.
Research Institute : Institute of Artificial Intelligence (IAI)
Peer Reviewed : Yes