Social Attackability Metrics for Software Systems

摘要

Software based system have become ubiquitous in modern day activities. Software system based system are being increasing attacked, leading to the need for software system administrators, and managers to have some metrics at predicting the social engineering attackability of a such system. Researchers have identified seven human traits/attributes that make human susceptible to social engineering attacks. Yet they did not model nor come up metrics. The author has published a conceptual a holistic predictive attackability metric model and corresponding metrics to assist the system designers. The model considers the technical metrics based on cohesion, coupling and complexity as used to predict attackability. It also consider the social metrics based on human traits that make the human operators become susceptible to social engineering attacks. The identified human traits are dishonesty, social compliance, Kindness,Time pressure, Herd mentality, greedeed and distraction. This paper considers only the social metrics part of the model.To measure human traits the authors relies on the HEXACO model and Big Five personality trait models. In these model the personality trait are measured using a ranking scale based on Lickert scale. Hence each trait is measured as a percentile. However, for purpose of this paper, to postulate the metric the author considered the discrete case. Why the value of trait take either a value of "1" or "0". To determine the relationship between traits between and attackability experts were asked to assess the trait versus attackability from which after aggregating for all traits a social attackability metrics was determined. To determine the predictive social attackability metrics each trait was considered to be equally likely to occur and hence a probability of 1/7 and this acts as factor to transform the social attackability metric into predictive attackability metrics.