Identification of Unintentional Perpetrator Attack Vectors
using Simulation Game: A Case Study

D 2021

Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study

MACÁK, Martin, Štefan BOJNÁK and Barbora BÜHNOVÁ

Basic information

Original name

Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study

Authors

MACÁK, Martin (703 Slovakia, guarantor, belonging to the institution), Štefan BOJNÁK (703 Slovakia, belonging to the institution) and Barbora BÜHNOVÁ (203 Czech Republic, belonging to the institution)

Edition

New York, Proceedings of the 16th Conference on Computer Science and Intelligence Systems, p. 349-356, 8 pp. 2021

Publisher

IEEE

Other information

Language

English

Type of outcome

Stať ve sborníku

Field of Study

10201 Computer sciences, information science, bioinformatics

Country of publisher

United States of America

Confidentiality degree

není předmětem státního či obchodního tajemství

Publication form

electronic version available online

References:

URL

RIV identification code

RIV/00216224:14330/21:00121985

Organization unit

Faculty of Informatics

ISBN

978-83-959183-8-4

DOI

http://dx.doi.org/10.15439/2021F85

UT WoS

000904349400045

Keywords in English

insider attack; process mining; security; unintentional perpetrator; attack vector; case study

Abstract

V originále

In our digital era, insider attacks are among the serious underresearched areas of the cybersecurity landscape. A significant type of insider attack is facilitated by employees without malicious intent. They are called unintentional perpetrators. We proposed mitigating these threats using a simulation-game platform to detect the potential attack vectors. This paper introduces and implements a scenario that demonstrates the usability of this approach in a case study. This work also helps to understand players' behavior when they are not told upfront that they will be a target of social engineering attacks. Furthermore, we provide relevant acquired observations for future research.

Links

CZ.02.1.01/0.0/0.0/16_019/0000822, interní kód MU
(CEP code: EF16_019/0000822)

Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur (Acronym: C4e)

Investor: Ministry of Education, Youth and Sports of the CR, CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence, Priority axis 1: Strengthening capacities for high-quality research

EF16_019/0000822, research and development project

Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Citovat

MACÁK, Martin, Štefan BOJNÁK and Barbora BÜHNOVÁ. Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study. Online. In Proceedings of the 16th Conference on Computer Science and Intelligence Systems. New York: IEEE, 2021, p. 349-356. ISBN 978-83-959183-8-4. Available from: https://dx.doi.org/10.15439/2021F85.

@inproceedings{1783877,
   author = {Macák, Martin and Bojnák, Štefan and Bühnová, Barbora},
   address = {New York},
   booktitle = {Proceedings of the 16th Conference on Computer Science and Intelligence Systems},
   doi = {http://dx.doi.org/10.15439/2021F85},
   keywords = {insider attack; process mining; security; unintentional perpetrator; attack vector; case study},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {New York},
   isbn = {978-83-959183-8-4},
   pages = {349-356},
   publisher = {IEEE},
   title = {Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study},
   url = {https://ieeexplore.ieee.org/abstract/document/9555700},
   year = {2021}
}

TY  - JOUR
ID  - 1783877
AU  - Macák, Martin - Bojnák, Štefan - Bühnová, Barbora
PY  - 2021
TI  - Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study
PB  - IEEE
CY  - New York
SN  - 9788395918384
KW  - insider attack
KW  - process mining
KW  - security
KW  - unintentional perpetrator
KW  - attack vector
KW  - case study
UR  - https://ieeexplore.ieee.org/abstract/document/9555700
N2  - In our digital era, insider attacks are among the serious underresearched areas of the cybersecurity landscape. A significant type of insider attack is facilitated by employees without malicious intent. They are called unintentional perpetrators. We proposed mitigating these threats using a simulation-game platform to detect the potential attack vectors. This paper introduces and implements a scenario that demonstrates the usability of this approach in a case study. This work also helps to understand players' behavior when they are not told upfront that they will be a target of social engineering attacks. Furthermore, we provide relevant acquired observations for future research.
ER  -

MACÁK, Martin, Štefan BOJNÁK and Barbora BÜHNOVÁ. Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study. Online. In \textit{Proceedings of the 16th Conference on Computer Science and Intelligence Systems}. New York: IEEE, 2021, p.~349-356. ISBN~978-83-959183-8-4. Available from: https://dx.doi.org/10.15439/2021F85.

Detailed Information on Publication Record