APPROACH TO MODELING OF BEHAVIORAL MANIFESTATIONS IN SOCIAL ENGINEERING IN THE INTERESTS OF INFORMATION PROTECTION
DOI:
https://doi.org/10.24025/2306-4412.4.2020.222064Keywords:
методологія, моделювання, інжиніринг, поведінка, захист інформації.Abstract
The article is devoted to the peculiarities of approaches to modeling of human behavior in the information environment and social engineering to ensure information security in the information cyber environment. The meanings of the concepts "mathematical theory of human systems", "human activities" and "information protection" are considered. The areas of application of social engineering in the process of information protection are clarified. The attention is drawn to the existing traditional approach to ensuring the security of data storage in the information cyber environment.
Furthermore, the problems of constructing a quantitative theory of human systems are considered. It is proved that since human behavior is not amenable to mathematical modeling, none of the created models can be used for behavioral analysis. Moreover, we emphasize that the authors for the first time have drawn attention to the fact that there is a need for a new methodological approach to building a model of human behavior in the digital sphere aimed at protecting information in social engineering. A synergistic and cryptographic approach to constructing a model of behavioral manifestations in the context of social engineering and information security interests is proposed. The essence of the authors' methodological approach is manifested in the fact that as a result of the synergistic interaction of "violators" (social engineers) and information owners – internet users, aimed at achieving a single goal, the possession of information that occurs under specific circumstances and at a certain time, the quality indicators of information protection methods improve. Finally, it is emphasized that to study human behavior in social engineering for further information protection, it is possible only by changing the methodological approach.
References
A. L. Belkarian, and A. S. Akopov, "Modeling of crowd behavior based on intellectual dynamics of interacting agents", Biznesinformatika, no. 1 (31), pp. 69-77, 2015. [in Russian].
L. I. Mochurad, N. I. Boyko, and M. V. Yatskiv, "Modelling of human stress situation in automated control systems of technological processes", Naukovyi visnyk NLTU Ukrainy, vol. 30, no. 1, pp. 152-157, 2020. DOI: 10.36930/ 40300126 [in Ukrainian].
R. Cialdini, Psychology of influence: a textbook for universities. Saint Petersburg, Russia: Peter, 2008. [in Ukrainian].
A. Dalton et al. "Active defense against social engineering: The case for human language technology", in Proc. First Int. Workshop on Social Threats in Online Conversations: Understanding and Management, 2020, pp. 1-8.
G. M. Gulak, Methodology of information protection. Aspects of cybersecurity: a textbook. Kyiv, Ukraine: Vyd-vo NA SB Ukrainy, 2020. [in Ukrainian].
S. M. Sergeev, "The model of violator’s behavior", in XXXVII Sci. and Tech. Conf. of young scientists and specialists of H. Ye. Pukhov Institute of modeling problems in the energy sector of the National Academy of Sciences of Ukraine: abstracts, (Kyiv, May 15, 2019), 2019, pp. 37-38. [in Ukrainian].
Adam Dalton, Alan Zemel, Amirreza Masoumzadeh et al., "Modeling social engineering risk using attitudes, actions, and intentions reflected in language use", in Conf. FLAIRS-32, FL, US Project: PANACEA, 2019, pp. 509-520. [Online]. Available:https://www.flairs-32.info/program#h.p_ngc7nAzybVbQ
Neetu Bansla, Swati Kunwar, and Khushboo Gupta, "Social engineering: A technique for managing human behavior", Journal of Information Technology and Sciences, vol. 5, no. 1, pp. 18-22, 2019. DOI: 10.5281/zenodo.2580822
M. V. Kuznetsov, Social engineering and social hackers: a textbook. Saint Petersburg, Russia: BKhV-Peterburg, 2010. [in Ukrainian].
O. V. Yamkovy, and A. B. Kaczynski, "The search for anomalies in the behavior of Internet resources use with the help of machine learning clustering algorithms", in First Sci. and Pract. Conf. Information Security: Current State, Problems and Prospects, (Kyiv, Sept. 20, 2019) / V. M. Furashev, and S. Yu. Petryaev, Comp., National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute". Kyiv: Politekhnika, 2019, pp. 69-74. [in Ukrainian].
P. Barseghyan, Elements of mathematical theory of human systems activities, part 1. [Online] Available: https://iarex.ru/insimgs/d468ea43f597f6f.pdf.
T. S. Perun, "Administrative and legal mechanism for ensuring information security in Ukraine", Ph.D. thesis in specialty 12.00.07 "Administrative law and process; Financial Law; Information Law", National University "Lviv Polytechnic", Lviv, 2019. [in Ukrainian].
A. Dmytrenko, and V. Miroshnichenko, "The essence of potential and real threats to information", in III All-Ukr. Sci. and Pract. Conf. of young scientists, students and cadets Information protection in information and communication systems: abstracts, (Lviv, Nov. 28, 2019). Lviv, 2019, pp. 4-6. [in Ukrainian].
N. M. Balandina, and M. D. Vasilenko, "Some notes on mathematical possibilities in information security modeling", in II All-Ukr. Sci. and Pract. Conf. Cybersecurity in the modern world (Odessa, Nov. 20, 2020) /A. V. Dykyy, Ed.; N. I. Loginova, V. D. Boyko, and M. O. Flunt, Comp. Odessa: Helvetika, 2020, pp. 124-128. [in Ukrainian].
M. D. Vasilenko, and V. M. Slatvinska, "The power of synergy in the manifestations of legal science: An interdisciplinary study", Naukovi pratsi Natsionalnoho universytetu "Odeska yurydychna akademiia", vol. 24 / Yu. V. Tsurkan-Sayfulina, Chief Ed.; Ministry of education and science of Ukraine, NU "UIA". Odessa: Helvetika, pp. 18-26, 2019. DOI:10.32837/npnuola.v24i0.650 [in Ukrainian].
K. Shannon, "The theory of communication in secret systems", in Works on the theory of information and cybernetics, Moscow, Russia: Inostr. lit., 1963. [in Russian].
Introduction to Cryptography / under the general editorship of V. V. Yashchenko, 3rd ed., add. Moscow, Russia: MTsNMO: "CheRo", 2000. [in Russian].
O. V. Vynohradov, "Actual issues of information protection in automated systems", in Sci. and Pract. Conf. Actual problems of information security in automated systems: abstracts, (Kyiv, Apr. 4, 2019). [Online]. Kyiv: Nats. akad. SBU, 2019, pp. 286-287. [in Ukrainian].
Downloads
Published
How to Cite
Issue
Section
URN
License
Copyright (c) 2020 Наталія Миколаївна Баландіна, Микола Дмитрович Василенко, Валерія Миколаївна Слатвінська, Світлана Володимирівна Сисоєнко The authors who publish in this journal agree to the following terms:The authors reserve the right to authorship of their work and give the journal the right to first publish this work under the terms of the Creative Commons Attribution License CC BY-NC, which allows other persons to freely distribute published work with a mandatory reference to authors of the original work and the first publication of the work in this journal.
Authors have the right to conclude separate additional agreements for the non-exclusive distribution of the paper in the form in which it was published by this journal (for example, posting work in electronic repository or publishing as part of a monograph), provided that the link to the first publication in this journal is maintained.
The journal policy allows and encourages authors to post on the Internet (for example, in repositories of institutions or on personal websites) the manuscript of work, both before the submission of this manuscript to the editorial staff, and during its editorial work, as it contributes to the emergence of productive scientific discussion and positively affects the efficiency and dynamics of published work citation (see The Effect of Open Access).
