Research of the aviation personnel vulnerability profile to social engineering attacks
In conditions of strengthening the informational component of aviation activity, the task of ensuring aviation cybersecurity becomes extremely urgent. Currently, a regulatory framework is being developed that regulates activities in this area, both on the part of the International Civil Aviation Org...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | Russian |
| Published: |
Moscow State Technical University of Civil Aviation
2020-04-01
|
| Series: | Научный вестник МГТУ ГА |
| Subjects: | |
| Online Access: | https://avia.mstuca.ru/jour/article/view/1672 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850028568638128128 |
|---|---|
| author | A. K. Volkov A. K. Volkov L. I. Frolova |
| author_facet | A. K. Volkov A. K. Volkov L. I. Frolova |
| author_sort | A. K. Volkov |
| collection | DOAJ |
| description | In conditions of strengthening the informational component of aviation activity, the task of ensuring aviation cybersecurity becomes extremely urgent. Currently, a regulatory framework is being developed that regulates activities in this area, both on the part of the International Civil Aviation Organization and at the Russian Federation level. In the complex of aviation cybersecurity threats, which include deliberate attacks, errors of third-party companies, system errors, natural phenomena, the human factor occupies an important place. In this work, this negative phenomenon is considered from the point of view of the aviation personnel vulnerability to social engineering attacks. Such type of attack by an attacker involves a set of applied psychological and analytical techniques that facilitate the receipt of confidential information or the violation of information security rules by legitimate company employees. The existing approach to building a profile of user vulnerabilities to social engineering attacks involves a series of psychological tests, the results of which are used to predict the user vulnerability through its psychological characteristics. In this work a slightly different task is posed, the main idea is to restore the vulnerability profile of aviation personnel from activity data in a social network. This is due to the fact that studying the user profile of a social network will more quickly solve the problem of choosing the most vulnerable employee for a particular type of social engineering attack and introduce preventive measures. The research was conducted on the basis of JSC «Surgut International Airport». 36 aviation security inspectors were selected as the respondents. Empirical data have been obtained including profiles of social network user profiles and a number of psychological tests. Using factor analysis the problem of reducing dimensionality and choosing the most informative indicators characterizing the activity of a social network user has been solved. A discriminant model that allows predicting the vulnerability profile of personnel according to the social network has been developed. Possible types of social engineering attacks on aviation personnel are presented. |
| format | Article |
| id | doaj-art-8922e5e0cdb44133b9e1da9958ffcb77 |
| institution | DOAJ |
| issn | 2079-0619 2542-0119 |
| language | Russian |
| publishDate | 2020-04-01 |
| publisher | Moscow State Technical University of Civil Aviation |
| record_format | Article |
| series | Научный вестник МГТУ ГА |
| spelling | doaj-art-8922e5e0cdb44133b9e1da9958ffcb772025-08-20T02:59:47ZrusMoscow State Technical University of Civil AviationНаучный вестник МГТУ ГА2079-06192542-01192020-04-01232203210.26467/2079-0619-2020-23-2-20-321344Research of the aviation personnel vulnerability profile to social engineering attacksA. K. Volkov0A. K. Volkov1L. I. Frolova2Ulyanovsk Institute of Civil Aviation named after Air Chief Marshal B.P.BugaevUlyanovsk Institute of Civil Aviation named after Air Chief Marshal B.P.BugaevUlyanovsk Institute of Civil Aviation named after Air Chief Marshal B.P.BugaevIn conditions of strengthening the informational component of aviation activity, the task of ensuring aviation cybersecurity becomes extremely urgent. Currently, a regulatory framework is being developed that regulates activities in this area, both on the part of the International Civil Aviation Organization and at the Russian Federation level. In the complex of aviation cybersecurity threats, which include deliberate attacks, errors of third-party companies, system errors, natural phenomena, the human factor occupies an important place. In this work, this negative phenomenon is considered from the point of view of the aviation personnel vulnerability to social engineering attacks. Such type of attack by an attacker involves a set of applied psychological and analytical techniques that facilitate the receipt of confidential information or the violation of information security rules by legitimate company employees. The existing approach to building a profile of user vulnerabilities to social engineering attacks involves a series of psychological tests, the results of which are used to predict the user vulnerability through its psychological characteristics. In this work a slightly different task is posed, the main idea is to restore the vulnerability profile of aviation personnel from activity data in a social network. This is due to the fact that studying the user profile of a social network will more quickly solve the problem of choosing the most vulnerable employee for a particular type of social engineering attack and introduce preventive measures. The research was conducted on the basis of JSC «Surgut International Airport». 36 aviation security inspectors were selected as the respondents. Empirical data have been obtained including profiles of social network user profiles and a number of psychological tests. Using factor analysis the problem of reducing dimensionality and choosing the most informative indicators characterizing the activity of a social network user has been solved. A discriminant model that allows predicting the vulnerability profile of personnel according to the social network has been developed. Possible types of social engineering attacks on aviation personnel are presented.https://avia.mstuca.ru/jour/article/view/1672cybersecurityaviation securitysocial engineering attackaviation personnelsocial networkuser vulnerability |
| spellingShingle | A. K. Volkov A. K. Volkov L. I. Frolova Research of the aviation personnel vulnerability profile to social engineering attacks Научный вестник МГТУ ГА cybersecurity aviation security social engineering attack aviation personnel social network user vulnerability |
| title | Research of the aviation personnel vulnerability profile to social engineering attacks |
| title_full | Research of the aviation personnel vulnerability profile to social engineering attacks |
| title_fullStr | Research of the aviation personnel vulnerability profile to social engineering attacks |
| title_full_unstemmed | Research of the aviation personnel vulnerability profile to social engineering attacks |
| title_short | Research of the aviation personnel vulnerability profile to social engineering attacks |
| title_sort | research of the aviation personnel vulnerability profile to social engineering attacks |
| topic | cybersecurity aviation security social engineering attack aviation personnel social network user vulnerability |
| url | https://avia.mstuca.ru/jour/article/view/1672 |
| work_keys_str_mv | AT akvolkov researchoftheaviationpersonnelvulnerabilityprofiletosocialengineeringattacks AT akvolkov researchoftheaviationpersonnelvulnerabilityprofiletosocialengineeringattacks AT lifrolova researchoftheaviationpersonnelvulnerabilityprofiletosocialengineeringattacks |