Network Security Penetration Testing Model Based On Social Engineering

With the further development of the various sectors of information technology, networking, e-commerce and e-government applications, though the level of information security technologies continues to improve, due to the increase of the non-computer professionals, network security is-sues led by social engineering in various industries are also increasingly prominent. Thus, the network security research of social engineering, computer systems, network systems, and the en-tire information infrastructure has become a pressing issue.This paper presents an innovative network security penetration testing model based on social engineering, used to detect the degree of the threat from social engineering the institutions suf-fered. By analyzing the target model simulating unstructured attack process put forwarded by the former Soviet world chess champion Garry Kasparov, it directly use this model to simulate the processes of the unstructured social workers attack. By drawing a mental model of Kevin Mitnick, the founder of social engineering, it summarized and sampled a complete system and means of social engineering attack. Finally, combined with the achievement motivation model and attribu-tion theory, it extracted effective factors and threat assessment from such unstructured attack process, and established its mathematical model to get the value of the risk of social engineering.The empirical research method is used in this paper by using LISREL as model research tool. For the data, this paper does basic descriptive statistics, reliability analysis, validity analysis, the model goodness-of-fit analysis, and hypothesis testing, and reveals a direct or indirect impact of the various factors involved in the model to the network security threats of the agency. By inves-tigation and study about real data of the professional network security institutions and group en-terprises, it confirmed that the model can relatively complete assess the security posture of the system organization before social engineering attacks, provided reliable data to support for the prevention of such attacks, well supplemented the defects of traditional social engineering attacks which cannot be detected penetration testing model.