Social Engineering has emerged as a significant threat in cyber security. In a dialog based attack, by having enough of a potential victim's personal data to be convincing, a social engineer impersonates the victim in order to manipulate the attack's target into revealing sufficient information for accessing the victim's accounts etc. We utilise the developing understanding of human information processing in the Information Sciences to characterise the vulnerability of the target to manipulation and to propose a form of countermeasure. Our focus is on the possibility of the social engineer being able to build the victim's profile by, in part, inferring personal attribute values from statistical information available either informally, from general knowledge, or, more formally, from some public database. We use an orthogonalised log linear analysis of data in the form of a contingence table to develop a measure of how susceptible particular subtables are to probabilistic inference as the basis for our proposed countermeasure. This is based on the observation that inference relies on a high degree of non-uniformity and exploits the orthogonality of the analysis to define the measure in terms of subspace projections.

翻译：社会工程已成为网络安全领域的重大威胁。在基于对话的攻击中，社会工程师通过获取足够数量的潜在受害者个人数据以增强可信度，假冒受害者身份操纵攻击目标，诱使其泄露足以访问受害者账户等信息。我们利用信息科学领域对人类信息处理机制的最新认知，刻画攻击目标易受操纵的脆弱性特征，并提出相应的对抗措施。研究聚焦于社会工程师通过非正式渠道（如常识）或正式渠道（如公共数据库）获取统计数据，进而推断受害者个人属性特征并构建其画像的可能性。我们采用正交化对数线性分析方法对列联表形式的数据进行分析，提出衡量特定子表对概率推断敏感程度的指标，并以此为基础构建对抗措施。该方法基于如下认知：概率推断依赖于数据的高度非均匀性，并利用分析的正交特性通过子空间投影定义该度量标准。