{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,11]],"date-time":"2026-07-11T21:19:46Z","timestamp":1783804786231,"version":"3.55.0"},"reference-count":23,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,8,2]],"date-time":"2021-08-02T00:00:00Z","timestamp":1627862400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,8,2]],"date-time":"2021-08-02T00:00:00Z","timestamp":1627862400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2017YFB0802804"],"award-info":[{"award-number":["2017YFB0802804"]}]},{"DOI":"10.13039\/501100001809","name":"Joint Fund of the National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["U1766215"],"award-info":[{"award-number":["U1766215"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecur"],"published-print":{"date-parts":[[2021,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks.<\/jats:p>","DOI":"10.1186\/s42400-021-00094-6","type":"journal-article","created":{"date-parts":[[2021,8,1]],"date-time":"2021-08-01T23:03:25Z","timestamp":1627859005000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":46,"title":["Social engineering in cybersecurity: a domain ontology and knowledge graph application examples"],"prefix":"10.1186","volume":"4","author":[{"given":"Zuoguang","family":"Wang","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3720-7403","authenticated-orcid":false,"given":"Hongsong","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Peipei","family":"Liu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Limin","family":"Sun","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,8,2]]},"reference":[{"key":"94_CR1","unstructured":"Alshanfari, I, Ismail R, N.Zaizi J. M, Wahid FA (2020) Ontology-based formal specifications for social engineering. Int J Technol Manag Inform Syst 2:35\u201346."},{"key":"94_CR2","first-page":"45","volume":"1","author":"A Chitrey","year":"2012","unstructured":"Chitrey, A, Singh D, Singh V (2012) A comprehensive study of social engineering based attacks in india to develop a conceptual model. Int J Inform Netw Secur 1:45.","journal-title":"Int J Inform Netw Secur"},{"key":"94_CR3","first-page":"51","volume":"2","author":"P Damle","year":"2002","unstructured":"Damle, P (2002) Social engineering: A tip of the iceberg. Inform Syst Control J 2:51\u201352.","journal-title":"Inform Syst Control J"},{"key":"94_CR4","doi-asserted-by":"publisher","unstructured":"Fang, B (2018a) The Definitions of Fundamental Concepts In: Cyberspace Sovereignty : Reflections on building a community of common future in cyberspace, 1\u201352.. Springer, Singapore. https:\/\/doi.org\/10.1007\/978-981-13-0320-3_1.","DOI":"10.1007\/978-981-13-0320-3_1"},{"key":"94_CR5","unstructured":"Fang, B (2018b) Define cyberspace security. Chin J Netw Inform Secur 4:1\u20135."},{"key":"94_CR6","first-page":"8","volume":"14","author":"RE Indrajit","year":"2017","unstructured":"Indrajit, RE (2017) Social Engineering Framework: Understanding the Deception Approach to Human Element of Security. Int J Comput Sci Issues (IJCSI) 14:8\u201316.","journal-title":"Int J Comput Sci Issues (IJCSI)"},{"key":"94_CR7","unstructured":"Ivaturi, K, Janczewski L (2011) A taxonomy for social engineering attacks In: International Conference on Information Resources Management, Centre for Information Technology, Organizations, and People, 1\u201312. https:\/\/aisel.aisnet.org\/cgi\/viewcontent.cgi?article=1015&context=confirm2011. Accessed 24 Sept 2017."},{"key":"94_CR8","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1007\/978-3-030-21290-2_16","volume-title":"Advanced Information Systems Engineering","author":"T Li","year":"2019","unstructured":"Li, T, Ni Y (2019) Paving Ontological Foundation for Social Engineering Analysis. In: Giorgini P Weber B (eds)Advanced Information Systems Engineering, 246\u2013260.. Springer International Publishing, Cham."},{"key":"94_CR9","first-page":"1694","volume":"9","author":"PS Maan","year":"2012","unstructured":"Maan, PS, Sharma M (2012) Social engineering: A partial technical attack. Int J Comput Sci Issues 9:1694\u20130814. https:\/\/pdfs.semanticscholar.org\/7e51\/0456042c26cade06d74ea755c774713c46cf.pdf.","journal-title":"Int J Comput Sci Issues"},{"key":"94_CR10","volume-title":"The Art of Deception: Controlling the Human Element of Security","author":"KD Mitnick","year":"2011","unstructured":"Mitnick, KD, Simon WL (2011) The Art of Deception: Controlling the Human Element of Security. Wiley, New York."},{"key":"94_CR11","first-page":"1","volume-title":"MUiCET","author":"CF Mohd Foozy","year":"2011","unstructured":"Mohd Foozy, CF, Ahmad R, Abdollah M, Robiah Y, Masud Z (2011) Generic Taxonomy of Social Engineering Attack In: MUiCET, 1\u20137.. UTHM, Batu Pahat."},{"key":"94_CR12","first-page":"266","volume-title":"ICT and Society, IFIP Advances in Information and Communication Technology","author":"F Mouton","year":"2014","unstructured":"Mouton, F, Leenen L, Malan MM, Venter HS (2014) Towards an Ontological Model Defining the Social Engineering Domain In: ICT and Society, IFIP Advances in Information and Communication Technology, 266\u2013279.. Springer, Berlin. https:\/\/link.springer.com\/chapter\/10.1007\/978-3-662-44208-1_22."},{"key":"94_CR13","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1145\/2757001.2757003","volume":"1","author":"MA Musen","year":"2015","unstructured":"Musen, MA, Prot\u00e9g\u00e9 Team (2015) The Prot\u00e9g\u00e9 Project: A Look Back and a Look Forward. AI Matters 1:4\u201312. https:\/\/pubmed.ncbi.nlm.nih.gov\/27239556. Accessed Aug 2020.","journal-title":"AI Matters"},{"key":"94_CR14","unstructured":"Neo, 4j community edition 3.5.19 (2020). https:\/\/neo4j.com\/download-center\/#community. Accessed Aug 2020."},{"key":"94_CR15","unstructured":"Noy, NF, McGuinness DL (2001) Ontology Development 101: A Guide to Creating Your First Ontology, Technical Report, Knowledge Systems Laboratory. https:\/\/protege.stanford.edu\/publications\/ontology_development\/ontology101.pdf. Accessed Aug 2020."},{"key":"94_CR16","unstructured":"Oosterloo, B (2008) Managing social engineering risk: making social engineering transparant, Ph.D. thesis, University of Twente. http:\/\/essay.utwente.nl\/59233\/1\/scriptie_B_Oosterloo.pdf. Accessed Oct 2017."},{"key":"94_CR17","volume-title":"Mitigation of Social Engineering Attacks in Corporate America","author":"KC Redmon","year":"2005","unstructured":"Redmon, KC (2005) Mitigation of Social Engineering Attacks in Corporate America. East Carolina University, Greenville."},{"key":"94_CR18","unstructured":"Research, D (2011) The Risk of Social Engineering on Information Security: A Survey of IT Professionals, Technical Report, Dimensional Research. https:\/\/www.stamx.net\/files\/The-Risk-of-Social-Engineering-on-Information-Security.pdf. Accessed Aug 2020."},{"key":"94_CR19","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/978-3-540-30176-9_41","volume-title":"Applied Computing","author":"A Simmonds","year":"2004","unstructured":"Simmonds, A, Sandilands P, van Ekert L (2004) An Ontology for Network Security Attacks. In: Manandhar S, Austin J, Desai U, Oyanagi Y, Talukder AK (eds)Applied Computing, 317\u2013323.. Springer Berlin Heidelberg, Berlin."},{"key":"94_CR20","first-page":"44","volume":"9","author":"F Tchakount\u00e9","year":"2020","unstructured":"Tchakount\u00e9, F, Molengar D, Ngossaha JM (2020) A Description Logic Ontology for Email Phishing. Int J Inform Secur Sci 9:44\u201363.","journal-title":"Int J Inform Secur Sci"},{"key":"94_CR21","volume-title":"Contributions of Understanding and Defending Against Social Engineering Attacks","author":"A Vedeshin","year":"2016","unstructured":"Vedeshin, A (2016) Contributions of Understanding and Defending Against Social Engineering Attacks. Department of Computer Science, Tallinn University of Technology, Tallinn. https:\/\/digikogu.taltech.ee\/testimine\/et\/Download\/081abe95-55b2-4d56-b552-9ef9b5106ada\/Kaitsetehnosotsiaalsesahkerdamisevastu.pdf. Accessed Nov 2020."},{"key":"94_CR22","doi-asserted-by":"publisher","first-page":"85094","DOI":"10.1109\/ACCESS.2020.2992807","volume":"8","author":"Z Wang","year":"2020","unstructured":"Wang, Z, Sun L, Zhu H (2020) Defining Social Engineering in Cybersecurity. IEEE Access 8:85094\u201385115. https:\/\/doi.org\/10.1109\/access.2020.2992807.","journal-title":"IEEE Access"},{"key":"94_CR23","doi-asserted-by":"publisher","first-page":"11895","DOI":"10.1109\/ACCESS.2021.3051633","volume":"9","author":"Z Wang","year":"2021","unstructured":"Wang, Z, Zhu H, Sun L (2021) Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods. IEEE Access 9:11895\u201311910. https:\/\/doi.org\/10.1109\/ACCESS.2021.3051633.","journal-title":"IEEE Access"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-021-00094-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-021-00094-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-021-00094-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,1]],"date-time":"2021-08-01T23:18:59Z","timestamp":1627859939000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-021-00094-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,2]]},"references-count":23,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,12]]}},"alternative-id":["94"],"URL":"https:\/\/doi.org\/10.1186\/s42400-021-00094-6","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,8,2]]},"assertion":[{"value":"24 February 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 April 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 August 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"31"}}