摘要: |
社工是黑客社区一种非常流行的攻击方法,对网络空间安全造成了严重的危害。然而,社工的概念定义作为理解社工威胁、开展社工研究的基础,却并不一致、明晰,而且随着概念的演化逐渐显现模糊、泛化、消解的趋势,影响社工安全研究与防护工作的开展。本文对社工概念演化进行了体系化的研究,同时也分析了社工攻击威胁的特性及态势,梳理了社工实现方式/技术的发展和趋势,总结了社工概念定义存在的问题及面临的挑战,并对社工概念重新定义问题进行了讨论,以期为社工安全研究提供参考、促进社工安全防护研究。 |
关键词: 社会工程学 社交工程 社工 概念 演化 定义 安全 威胁 攻击 防护 |
DOI:10.19363/J.cnki.cn10-1380/tn.2021.03.02 |
Received:March 19, 2019 |
基金项目:本课题得到国家重点研发计划(No.2017YFB0802804);自然基金青年项目(No.61702503)资助。 |
|
The Concept Evolution Analysis of Social Engineering |
WANG Zuoguang,ZHU Hongsong,SUN Limin |
School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, Chinas |
Abstract: |
Social engineering is a very popular attack in the hacker community, and has brought severe damage to cyber security. However, the concept of social engineering is not consistent and clear, despite its fundamental role in social engineering research. Furthermore, there is a tendency to be obscure, overgeneralize and decompose in the concept evolution of the social engineering. These phenomena impede the security research and defense on social engineering. This paper studies the concept evolution of social engineering, and analyzes the problems and challenges faced by the concept. It ends with a discussion on the concept redefinition, to promote the future research on social engineering. |
Key words: social engineering concept evolution definition security threat attack defense |