-
Notifications
You must be signed in to change notification settings - Fork 0
/
C1.Introduction.tex
104 lines (60 loc) · 5.35 KB
/
C1.Introduction.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
% --------------------------------
% INTRODUCTION
% --------------------------------
\chapter{Introduction\label{chapter:intro}}
\begin{comment}
Guides:
- Page limit 2 pages
- Context, who needs, what is needed, why is it a problem
- Research question and research methodologies
- Summary of results
- What roles each section will have
- No subsections
- Second to last paragraph contains the research question (RQ) and the results?
- Include primary references most related to this thesis (AI, social engineering etc)
TODO:
[x] What is the research question
[ ] How is the research question answered
[x] How is this thesis organized, what is covered
[x] Social engineering before
[x] Social engineering today
What to cover:
- What is SE?
- Modern AI
- Emergence of ChatGPT and the like
- Attacks
- Deepfake synthetic content
- Highly personalized phishing content (natural language processing)
- Countermeasures
- User awareness & training programs
- Company policy & company culture
- Law and AI use guidelines, restrictions
Info from lecture materials:
- "Johdannon tarkoituksena on kertoa yleiskielisesti työn tavoite. Kerrotaan (kuten tiivistelmässäkin, mutta laveammin), mitä on tutkittu, miten on tutkittu ja mitä tuloksia on saatu. Jotta kysymyksenasettelu ja tulokset on lukijan helppo oikein tulkita on syytä aloittaa johdanto asettelemalla tutkimus asiayhteyteensä, esimerkiksi kertomalla aluksi, minkälaisessa yhteydessä tarkasteluun otettavat haasteet esiintyvät ja keiden on ratkaisuista tarkoitus hyötyä."
- "Johdannon pituus määräytyy suhteessa koko kirjoitelman pituuteen. Parisivuinen kirjoitus ei erikseen otsikoitua johdantoa kaipaa, sillä se itsessään on laajennettu tiivistelmä. Kymmensivuisen kirjoituksen johdanto voi olla vaikkapa sivun tai puolentoista mittainen. Pro gradu -tutkielman 50-70-sivuiseen kokonaisuuteen tuntuu 2-4-sivuinen johdanto kohtuulliselta."
- "Johdanto kertoo siis lyhyessä, yleistajuisessa muodossa koko kirjoitelman kysymyksenasettelun, juonen sekä tulokset ja johtopäätelmät. Tämän luettuaan lukija voi päätellä, haluaako syventyä asiaan tarkemmin lukemalla koko kirjoituksen."
\end{comment}
%
% Social engineering as a threat to cybersecurity
%
Social engineering has emerged as a significant threat in the digital age, impacting individuals and organizations worldwide. As a subdomain of cybersecurity, social engineering is the art and science of manipulating people into revealing confidential information or performing actions that may or may not be in their best interests~\citep{hadnagy_Social_Engineering_The_Science_2018}. Rather than looking for technical vulnerabilities, social engineering relies on human interaction and exploits weaknesses in human psychology~\citep{wang_Defining_Social_Engineering_2020}.
%
% Social engineering before and now
%
Traditionally, social engineering depended heavily on human intuition and manual effort to deceive its targets~\citep{mitnick_The_Art_of_Deception_2003}. However, with the advent of generative artificial intelligence (AI), the landscape of social engineering is undergoing a significant transformation, augmenting the sophistication and effectiveness of current and emerging attack methods~\citep{fakhouri_AI_Driven_Solutions_SE_Attacks_2024}.
%
% What this thesis addresses
%
This thesis addresses how contemporary social engineering defensive countermeasures need to be updated for the novel threats of generative AI. To achieve this, the thesis examines the intersection of generative AI and social engineering, detailing how advanced AI tools amplify the execution and impact of these attacks while discussing the necessary countermeasures.
%
%What attack vectors and tools are analyzed
%
Several social engineering attack vectors and tools are analyzed, including spear phishing with the help of chatbots like ChatGPT and impersonation using deepfake-generated content. Countermeasures that are discussed include AI-based detection of spear phishing and deepfakes, user training, and pertinent company policies, laws, and guidelines on AI development and usage.
%
% Countermeasures are insufficient
%
Contemporary countermeasures against social engineering attacks are ill-equipped to deal with the sophistication of AI-powered threats~\citep{blauth_AI_Crime_Overview_Malicious_Use_Abuse_2022, king_AI_Crime_Interdisciplinary_Analysis_2019}. Cybersecurity professionals must update their tools and strategies, and AI can play a valuable role in this area~\citep{fakhouri_AI_Driven_Solutions_SE_Attacks_2024, tsinganos_Towards_Automated_Recognition_Chat_SE_Enterprise_2018}.
%
% How is this thesis organized
%
The rest of the thesis is structured as follows: Chapter~\ref{chapter:definition} introduces social engineering, generative AI, and other essential concepts for further analysis. Chapter~\ref{chapter:attacks} examines relevant attack vectors and tools, including spear phishing and deepfake impersonation. Chapter~\ref{chapter:countermeasures} discusses both technological and human-oriented countermeasures against these attacks. The effectiveness and viability of these measures are assessed in Chapter~\ref{chapter:evaluation}. Chapter~\ref{chapter:conclusions} summarizes key findings and implications for the future of social engineering defense.