Date of Award

3-5-2008

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Robert F. Mills, PhD

Abstract

Hackers frequently use social engineering attacks to gain a foothold into a target network. This type of attack is a tremendous challenge to defend against, as the weakness lies in the human users, not in the technology. Thus far, methods for dealing with this threat have included establishing better security policies and educating users on the threat that exists. Existing techniques aren’t working, as evidenced by the fact that auditing agencies consider it a given that they will be able to gain access via social engineering. The purpose of this research is to propose a better method of reducing an individual’s vulnerability to social engineering attacks. The first part of the research formally establishes the connection between social engineering attacks and what social psychologists call “illegitimate persuasion,” using content analysis to show that both target the same common psychological triggers. This comparison is done by comparing specific examples in different mediums. Once this connection is established, this research also proposes how to apply specific techniques that have been shown to be effective in increasing an individual’s resistance to persuasion. Specifically, it uses techniques that have been shown to be effective in bolstering an individual’s resistance to illegitimate persuasion. The research culminates in the proposal of a template for a training program using these new techniques that can be incorporated into existing training classes that should significantly reduce an individual’s vulnerability to social engineering attacks.

AFIT Designator

AFIT-GIR-ENG-08-04

DTIC Accession Number

ADA487118
