Predicting Social Engineering Security Threats Using Fuzzy Logic

Date

2020-12-13

Advisors

Journal Title

Journal ISSN

ISSN

DOI

Volume Title

Publisher

Type

Conference

Peer reviewed

Yes

Abstract

Small and large businesses are increasingly using new technology to store important resources, such as records, financial reports, personal and sensitive data. This paper investigates cybercriminals who use email-based social engineering to influence human behavior and consequently, the authors put forward a framework for mitigating such attacks. Recent findings highlight the heightened levels of cyber-attacks and poor condition of information security systems globally. The complexity of social engineering attacks calls for more attention and methods for mitigation. To this end, using Fuzzy Logic theory, the authors propose a Mamdani Fuzzy Inference Model (FIS) to produce risk mitigation of a company's security level deduced from the email social engineering attacks, since they are often focused on human subjective interpretation of ambiguity. Results show that centroid, bisector and MOM (Middle of Maxima) defuzzification methods produces a predicted accuracy of 90% for the company security level prediction, whilst the other more extreme defuzzification methods LOM (Largest of Maxima), SOM (Smallest of Maxima) achieves a negative result of ~75%, thus Centroid, MOM and Bisector provide the best accuracy.

Description

The file attached to this record is the author's final peer reviewed version.

Keywords

Cyber Criminals, Cybersecurity, Fuzzy logic, Social Engineering, Phishing

Citation

Morden, J., Khuman, A.S., Fasanmade, A., Lakoju, M. (2020) Predicting Social Engineering Security Threats Using Fuzzy Logic. 13th International Conference on the Developments on eSystems Engineering (DeSE2020), Online, December 2010.

Rights

Research Institute