Human Cognition Through the Lens of Social Engineering Cyberattacks.

Authors

Montañez Rosana, Golob Edward, Xu Shouhuai

Affiliations

Department of Computer Science, University of Texas at San Antonio, San Antonio, TX, United States.

Department of Psychology, University of Texas at San Antonio, San Antonio, TX, United States.

Publication information

Front Psychol. 2020 Sep 30;11:1755. doi: 10.3389/fpsyg.2020.01755. eCollection 2020.

DOI: 10.3389/fpsyg.2020.01755
PMID: 33101096
Original article: https://pmc.ncbi.nlm.nih.gov/articles/PMC7554349/

Abstract

Social engineering cyberattacks are a major threat because they often prelude sophisticated and devastating cyberattacks. Social engineering cyberattacks are a kind of psychological attack that exploits weaknesses in human cognitive functions. Adequate defense against social engineering cyberattacks requires a deeper understanding of what aspects of human cognition are exploited by these cyberattacks, why humans are susceptible to these cyberattacks, and how we can minimize or at least mitigate their damage. These questions have received some amount of attention, but the state-of-the-art understanding is superficial and scattered in the literature. In this paper, we review human cognition through the lens of social engineering cyberattacks. Then, we propose an extended framework of human cognitive functions to accommodate social engineering cyberattacks. We cast existing studies on various aspects of social engineering cyberattacks into the extended framework, while drawing a number of insights that represent the current understanding and shed light on future research directions. The extended framework might inspire future research endeavor toward a new sub-field that can be called , which tailors or adapts principles of Cognitive Psychology to the cybersecurity domain while embracing new notions and concepts that are unique to the cybersecurity domain.
