Defining Social Engineering in Cybersecurity

Zuoguang Wang, Limin Sun, Hongsong Zhu
2020 IEEE Access  
Social engineering has posed a serious security threat to infrastructure, user, data and operations of cyberspace. Nevertheless, there are many conceptual deficiencies (such as inconsistent conceptual intensions, a vague conceptual boundary, confusing instances, overgeneralization and abuse) of the term making serious negative impacts on the understanding, analysis and defense of social engineering attacks. In this paper, an in-depth literature survey is conducted, the original meaning of
more » ... engineering in cybersecurity is traced, the conceptual evolution and technical development are analysed systematically, and the conceptual problems are discussed. Based on above work, this paper attempts to address these conceptual deficiencies by proposing a more compatible and precise definition of social engineering in cybersecurity (SEiCS). This definition eliminates the conceptual inconsistencies, covers the mainstream conceptual connotations, clarifies the conceptual boundary, mitigates the overgeneralization and abuse, etc. Five analysis tables (i.e., the comparative analysis of the SEiCS definition vs. mainstream conceptual intensions in the conceptual evolution, the comparative analysis of the SEiCS definition vs. typical definitions in the literature, the analysis of confusing "social engineering cases", the analysis of popular social engineering attack scenarios, and the analysis of social-engineering-based attacks) are provided to illustrate the performance of the proposed definition. INDEX TERMS Definition, social engineering, cyberspace, security, term and conception, history and origin, literature review, conceptual evolution and analysis, human factors, attack. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ VOLUME 8, 2020
doi:10.1109/access.2020.2992807 fatcat:6t6ccozovrbvlipldhd6lclnym