Method for assessing the risk of user compromise based on individual security profile
Article Sidebar
Issue Vol. 16 No. 1 (2026)
-
Efficient CNN-based classification of white blood cells: a comparative study of model performance
5-9
-
Automated skin cancer diagnosis using deep learning: a systematic review of state-of-the-art architectures, techniques and performance evaluation
10-20
-
Enhancing driver safety with ECG-based emotion recognition using BiLSTM networks
21-28
-
An automated system for calibration table calculation of cylindrical horizontal tanks
29-34
-
Control of water–diesel emulsion stability using turbidity measurements
35-41
-
Improving the induction motor starting mode under a voltage drop conditions
42-47
-
Modelling of dynamic modes in a DC motor for electric vehicle
48-55
-
Development and analysis of power grid failure scenarios using ontology, power flow model, and knowledge graph
56-61
-
Kinetics of grain material drying in installations with intermittent energy supply by microwave and infrared radiation
62-66
-
Smartphone shell temperature controller automatic tuning method
67-71
-
Using FPGA for modelling and generating chaotic processes
72-77
-
Simulation and electronic design of a chaotic 5d artificial neural network
78-83
-
Intelligent DL-SCH/PDSCH processing chain in 5G with adaptive HARQ mechanism
84-93
-
Exploring generative models for remote sensing: a comprehensive review
94-98
-
Ensemble noise-aided bit flipping decoding of low-density parity-check codes
99-103
-
Knowledge sharing in Independent Deep Q-Network
104-108
-
Detection of humans in drone images using deep learning techniques
109-115
-
Comparative analysis of DeepSORT, ByteTrack and StrongSORT algorithms for multi-object tracking in UAV-based video surveillance
116-120
-
Highly efficient approaches to processing complex visual data in decision support systems
121-125
-
Anti-aliasing method for second-order curves on a hexagonal raster
126-129
-
Method for assessing the risk of user compromise based on individual security profile
130-137
-
Positional coding method in differential wave space
138-146
-
Web platform with Checkbox support: aspects of fiscal accounting, reporting, and interaction with tax authorities
147-154
-
Comparative analysis of web development frameworks in PHP: Codeigniter, Cakephp and Yii
155-161
-
Crop price forecasting using a Temporal Fusion Transformer for Krishna district of Andhra Pradesh
162-170
-
Model of packet transmission of text data using SDR in the GNU Radio Companion environment
171-176
-
Modelling of a pull-flow production system with dynamic buffer stock control
177-182
Main Article Content
DOI
Authors
Abstract
This article presents a method for assessing the risk of user compromise in corporate information systems caused by social engineering cyberattacks. The approach integrates an evaluation of the individual security profile of each user – based on psychological, organizational, technical, and information influence factors – with graph-based modelling of internal interactions within the organization. Unlike most existing methods that focus solely on isolated user characteristics or assume a single-stage (direct) cyberattack scenario, the proposed method accounts for the propagation of cyberattacks through multi-stage trajectories in communication networks. A formalized four-phase model of social engineering cyberattack implementation is developed, with each phase described as a function of interacting factors. Conditional probabilities are estimated using dynamic coefficients that reflect both the base value and the contextual impact of modifying factors. A graph-based procedure is introduced to calculate the probability of multi-stage compromise based on the structure and intensity of user interactions (e.g., project participation, communication frequency, hierarchical relationships, and shared access to information assets). The proposed method was validated through individual user security profiling, followed by scenario-based modeling of multi-stage social engineering attack propagation on a representative subset. Results show that users with strong individual protection can remain vulnerable due to their position in critical communication chains. The visualization of trajectories exceeding a defined probability threshold supports the identification of high-risk paths and intermediary nodes that require prioritized protection measures. The main scientific contribution lies in combining individualized risk assessment with system-level propagation modelling using interpretable and adaptable mathematical constructs. The method does not require large volumes of empirical data, which ensures its practical applicability even in conditions of limited access to internal information. Future research will focus on automating data collection for factor assessment, adapting the model for real-time operation, and extending it through advanced modelling of behavioral attack scenarios.
