Toward a phishing attack ontology

Ítalo Oliveira*, Rodrigo F. Calhau, Giancarlo Guizzardi

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review


Abstract

Phishing attacks are the most common form of social engineering where attackers intend to deceive targeted people into revealing sensitive information or installing malware. To understand the dynamics of phishing attacks and design suitable countermeasures, particularly the promotion of phishing awareness, cybersecurity researchers have proposed several domain conceptual models and lightweight ontologies. Despite the growing literature in ontology engineering highlighting the advantages of employing upper and reference ontologies for domain modeling, current phishing attack models lack ontological foundations. As a result, they suffer from a number of shortcomings, such as false agreements, informality, and limited interoperability. To address this gap, we propose a Phishing Attack Ontology (PHATO) grounded in the Reference Ontology for Security Engineering (ROSE) and the Common Ontology of Value and Risk (COVER), which are both founded in the Unified Foundational Ontology (UFO). Our proposal is represented through the OntoUML ontology-driven conceptual modeling language, benefiting from its ecosystem of tools and domain ontologies. We also discuss some implications of PHATO for the design of anti-phishing countermeasures.

Original language: English
Title of host publication: ER-Companion 2023
Subtitle of host publication: Companion Proceedings of the 42nd International Conference on Conceptual Modeling: ER Forum, 7th SCME, Project Exhibitions, Posters and Demos, and Doctoral Consortium co-located with ER 2023 Lisbon, Portugal, November 06-09, 2023
Editors: Claudenir M. Fonseca, José Borbinha, Giancarlo Guizzardi
Place of Publication: Aachen
Publisher: CEUR
Number of pages: 13
Publication status: Published - Nov 2023
Event: 42nd International Conference on Conceptual Modeling, ER 2023 - Congress Center of the Instituto Superior Técnico, Lisbon, Portugal
Duration: 6 Nov 2023 to 9 Nov 2023
Conference number: 42
https://er2023.inesc-id.pt/

Publication series

Name: CEUR workshop proceedings
Publisher: Rheinisch Westfälische Technische Hochschule
Volume: 3618
ISSN (Print): 1613-0073

Conference

Conference: 42nd International Conference on Conceptual Modeling, ER 2023
Abbreviated title: ER
Country/Territory: Portugal
City: Lisbon
Period: 6/11/23 to 9/11/23

Keywords

  • Common ontology of value and risk
  • Cybersecurity
  • Phishing attack
  • Phishing attack ontology
  • Reference ontology for security engineering
  • Social engineering
  • Unified Foundational Ontology (UFO)
