Predicting Social Engineering Security Threats Using Fuzzy Logic
Abstract
Small and large businesses are increasingly using new technology to store important resources, such as records, financial reports, and personal and sensitive data. This paper investigates cybercriminals who use email-based social engineering to influence human behavior; consequently, the authors put forward a framework for mitigating such attacks. Recent findings highlight the heightened levels of cyber-attacks and the poor condition of information security systems globally. The complexity of social engineering attacks calls for more attention and methods for mitigation. To this end, using Fuzzy Logic theory, the authors propose a Mamdani Fuzzy Inference Model (FIS) to produce risk mitigation of a company's security level deduced from email social engineering attacks, since they are often focused on human subjective interpretation of ambiguity. Results show that the centroid, bisector and MOM (Middle of Maxima) defuzzification methods produce a predicted accuracy of 90% for the company security level prediction, whilst the other, more extreme defuzzification methods, LOM (Largest of Maxima) and SOM (Smallest of Maxima), achieve a negative result of ~75%; thus centroid, MOM and bisector provide the best accuracy.