PAPO is a core ontology that aims to characterize the process of phishing attack incidents by leveraging the Unified Foundational Ontology (UFO) and OntoUML. By addressing the ambiguities and inconsistencies in existing definitions of phishing attacks, PAPO seeks to support interoperability and clarity across various applications and to facilitate phishing research. PAPO ontologically unpacks our characterization of the phishing attack process as a complex event wherein: (1) a phisher impersonates a reputable agent, (2) exploits the target's trust in this agent, (3) aims to trick the target into taking the attacker's desired action, and (4) offers supposedly plausible reasons for this behavior.
Agent
In UFO-C, there is a distinction between Agentive and Non-agentive substantial particulars: respectively, Agents and Objects. Agents can be physical (e.g., a person) or social (e.g., an organization, a society). Objects can also be further categorized into physical and social objects. Physical objects include a book, a tree, a car. Social objects include money, language and Normative Descriptions. A normative description defines one or more rules or norms recognized by at least one social agent and that can define nominal universals such as social moment universals (e.g., social commitment types), social objects (the crown of the king of Spain) and social roles such as president, prime minister, PhD candidate or pedestrian. Examples of normative descriptions include the Italian Constitution, the University of Twente PhD program regulations, but also a set of directives on how to perform some actions within an organization (a description of a plan). Agents are substantials that can bear special kinds of moments named Intentional Moments. Intentionality should be understood in a much broader context than the notion of “intending something”, but as the capacity of some properties of certain individuals to refer to possible situations of reality.
Guizzardi, G., de Almeida Falbo, R. and Guizzardi, R.S., 2008, February. Grounding software domain ontologies in the unified foundational ontology (UFO): the case of the ODE software process ontology. In CIbSE (pp. 127-140).
Belief
In UFO-C, a belief is an Intentional Moment that inheres in an Agent. It can be justified or frustrated by situations.
Fraud
Successful Phishing Attack Executions enable different kinds of Fraud, including Extortion and Identity Theft. Fraud is a criminal event enabled by a successful Phishing Attack Execution; it is therefore not part of the Phishing Attack Execution itself, but it may be a part of the broader Phishing Attack Process.
FulfillmentOfPhishersRequest
An event wherein a Target answers the Phisher's request. The exact form of this answer depends on the type of phishing attack, so this event generalizes at least three others: (a) Malware-based attack; (b) Target replies to the Phisher with the requested asset; (c) Webpage-based attack.
Fulfillment of Phisher's Request corresponds to what is commonly known as "falling for a phishing attack".
Hook
According to Markus Jakobsson, the hook often consists of a website that emulates the appearance of a reputable agent, such as Microsoft's login website. The goal of the hook is for victims to be directed to it by the Lure Message and to disclose confidential information on it.
ImpersonatedReputableAgent
An Agent impersonated by the Phisher. It is very often a company or an organization previously trusted by the Phishing Target.
Influence
Influence is a relator that aggregates Intrinsic Aspects that affect the formation of Beliefs. Its attribute weight describes the degree of this effect.
Amaral, G., Sales, T.P., Guizzardi, G. and Porello, D., 2021. Ontological foundations for trust management: extending the reference ontology of trust. In CEUR workshop proceedings (Vol. 2835, pp. 12-22). Rheinisch Westfälische Technische Hochschule.
Intention
In UFO-C, Intentions are desired states of affairs to which the agent commits to pursuing (an internal commitment), e.g., the Intention of going to a beach resort for the next summer break. For this reason, intentions cause the agent to perform Actions. The propositional content of an Intention is a Goal. The precise relation between an intentional moment and a situation is the following: a situation in reality can satisfy the propositional content of an intentional moment (i.e., satisfy, in the logical sense, the proposition representing that propositional content).
Guizzardi, G., de Almeida Falbo, R. and Guizzardi, R.S., 2008, February. Grounding software domain ontologies in the unified foundational ontology (UFO): the case of the ODE software process ontology. In CIbSE (pp. 127-140).
LureMessage
A Message that plays the role of luring and tricking Phishing Targets in order to obtain the Target Asset. A Lure Message sends Trust Calibration Signals through its content, such as a company logo. Examples include e-mails, SMS, direct messages on social media, etc.
LureMessageArrival
An event wherein a Lure Message reaches the Target via whatever medium is used.
LureMessageDispatch
An event wherein a Phisher sends a Lure Message by some means, such as sending an email, an SMS, or a direct message on a social network, or making a phone call. It necessarily composes a Phishing Attack Execution.
LureMessagePerception
An event wherein a Phishing Target somehow perceives a Lure Message, for example, by reading an email.
MentalAttitude
In UFO-C, Intentions are a type of Intentional Aspect, along with beliefs and desires. However, there are other types of Intentional Aspects. Philosophers, psychologists, and cognitive scientists call them "mental attitudes" or "propositional attitudes". Attitude reports are sentences concerning cognitive relations people bear to propositions. Just as we can believe, desire, and intend, we can also know, learn, regret, imagine, fear, wish, want, pretend, suppose, surmise, suspect, predict, speculate, doubt, prove, disprove, infer, expect, and so on. These are all propositional attitudes. There is a wide range of literature on what exactly they are and whether they even exist.
See: https://iep.utm.edu/prop-ati/, https://plato.stanford.edu/entries/prop-attitude-reports/.
Person
Human being. Any member of Homo sapiens, the unique extant species of the genus Homo. A subtype of Physical Agent.
Phisher
An Agent that participates in a Phishing Attack Process by being the actor of the Phishing Attack Planning, Preparation, and Execution.
PhishingAttackCapability
Capabilities whose manifestations are the events of a Phishing Attack Execution.
PhishingAttackExecution
A successful Phishing Attack Execution (or a phishing incident) is an event composed of at least four other events in temporal order: (a) Lure Message Dispatch (by the Phisher), (b) Lure Message Arrival, (c) the Phishing Target perceives the Lure Message, (d) the Target answers the Phisher's request. A failed Phishing Attack Execution attempt must include at least the first event (the Phisher dispatches a Lure Message). Phishing Attack Execution describes what is commonly considered a phishing attack and its basic steps.
PhishingAttackPlanning
An event wherein a Phisher creates a Phishing Plan and makes the important decisions for the rest of the Phishing Attack Process, such as deciding on the impersonated agent, the fraud type, the attack method, the attack goal, the targets, the communication medium, etc.
PhishingAttackPreparation
Phishing Attack Preparation is an event wherein a Phisher proceeds with the necessary preparations for the Phishing Attack Execution. This means the Phisher acquires threatening capabilities for the attack execution, such as knowledge and tools (for example, phishing kits).
PhishingAttackProcess
PAPO describes a Phishing Attack Process as a complex event that is necessarily composed of planning, preparation, and execution, with optional subsequent fraud and post-attack events. Phishing Attack Preparation is historically dependent on Phishing Attack Planning, and Phishing Attack Execution is historically dependent on Phishing Attack Preparation. This represents a temporal causal order of Threat Events and Loss Events. Although Fraud and the Post-Attack Phase may not occur as part of a Phishing Attack Process, they are historically dependent on Phishing Attack Execution.
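The composition rule for a Phishing Attack Execution (four ordered events for a successful execution, at least the dispatch for a failed attempt) and the historical dependencies of the Phishing Attack Process are precise enough to be checked mechanically, which is useful when an incident-response team records phishing incidents as event logs. The following is an added example written for this page, not code from PAPO or its authors: it classifies a constructed incident log against these rules. The event labels, the `(timestamp, event)` log format and the sample incidents are assumptions chosen to mirror the terms defined above.

```python
"""Added example: checks phishing incident event logs against PAPO's rules for
a Phishing Attack Execution and the historical dependencies of a Phishing Attack
Process. Illustrative code written for this page, not part of PAPO or any PAPO
tooling; event labels and log format are assumptions mirroring the page's terms."""
from enum import Enum


class Ev(str, Enum):
    """Event types named in PAPO (labels assumed to match the page's terms)."""
    PLANNING = "PhishingAttackPlanning"
    PREPARATION = "PhishingAttackPreparation"
    LURE_DISPATCH = "LureMessageDispatch"
    LURE_ARRIVAL = "LureMessageArrival"
    LURE_PERCEPTION = "LureMessagePerception"
    FULFILLMENT = "FulfillmentOfPhishersRequest"
    FRAUD = "Fraud"
    POST_ATTACK = "PostAttackPhase"


# A successful Phishing Attack Execution is composed of these four events, in
# this temporal order; a failed attempt has at least the first of them.
EXECUTION_ORDER = (Ev.LURE_DISPATCH, Ev.LURE_ARRIVAL, Ev.LURE_PERCEPTION, Ev.FULFILLMENT)

# Historical dependencies of a Phishing Attack Process: the key may occur only
# after the value has occurred. Fraud is enabled by a *successful* execution,
# so it depends on the fulfillment event; the Post-Attack Phase depends on the
# execution as such, which exists as soon as the Lure Message was dispatched.
DEPENDS_ON = {
    Ev.PREPARATION: Ev.PLANNING,
    Ev.LURE_DISPATCH: Ev.PREPARATION,
    Ev.FRAUD: Ev.FULFILLMENT,
    Ev.POST_ATTACK: Ev.LURE_DISPATCH,
}

Log = list[tuple[int, Ev]]  # (timestamp, event); the list need not be sorted


def classify_execution(log: Log) -> str:
    """Classify the execution part of an incident log.

    Returns "successful", "failed_attempt", "not_an_execution" or
    "invalid_order" (execution events present but not in PAPO's order).
    """
    timeline = [ev for _, ev in sorted(log, key=lambda e: e[0])]
    # Keep only execution events, first occurrence of each, in time order.
    seen: list[Ev] = []
    for ev in timeline:
        if ev in EXECUTION_ORDER and ev not in seen:
            seen.append(ev)
    if not seen:
        return "not_an_execution"
    # The observed events must be a prefix of the mandatory order: e.g. a
    # perception without an arrival, or an arrival before dispatch, is invalid.
    if tuple(seen) != EXECUTION_ORDER[: len(seen)]:
        return "invalid_order"
    return "successful" if len(seen) == len(EXECUTION_ORDER) else "failed_attempt"


def check_process(log: Log) -> list[str]:
    """Return the historical-dependency violations in a log (empty if consistent)."""
    violations: list[str] = []
    occurred: set[Ev] = set()
    for ts, ev in sorted(log, key=lambda e: e[0]):
        needed = DEPENDS_ON.get(ev)
        if needed is not None and needed not in occurred:
            violations.append(f"t={ts}: {ev.value} without prior {needed.value}")
        occurred.add(ev)
    return violations


# Constructed incident logs (timestamps are arbitrary integers).
SUCCESSFUL_INCIDENT: Log = [
    (1, Ev.PLANNING), (2, Ev.PREPARATION), (3, Ev.LURE_DISPATCH),
    (4, Ev.LURE_ARRIVAL), (5, Ev.LURE_PERCEPTION), (6, Ev.FULFILLMENT),
    (7, Ev.FRAUD), (8, Ev.POST_ATTACK),
]
# Lure delivered but never perceived (e.g. quarantined by a mail filter): a failed attempt.
QUARANTINED_INCIDENT: Log = [
    (1, Ev.PLANNING), (2, Ev.PREPARATION), (3, Ev.LURE_DISPATCH), (4, Ev.LURE_ARRIVAL),
]
# Inconsistent record: fraud logged although the target never fulfilled the request.
INCONSISTENT_INCIDENT: Log = [
    (1, Ev.PLANNING), (2, Ev.PREPARATION), (3, Ev.LURE_DISPATCH),
    (4, Ev.LURE_ARRIVAL), (5, Ev.LURE_PERCEPTION), (6, Ev.FRAUD),
]

if __name__ == "__main__":
    for name, log in [("successful", SUCCESSFUL_INCIDENT),
                      ("quarantined", QUARANTINED_INCIDENT),
                      ("inconsistent", INCONSISTENT_INCIDENT)]:
        print(name, classify_execution(log), check_process(log))
```

Treating the four execution events as a required prefix, rather than as a set, is what lets the checker tell a genuinely failed attempt (dispatch and arrival only) apart from a malformed record (a perception logged with no arrival), and the separate dependency check catches records such as a Fraud entry with no fulfillment, which the ontology says cannot happen.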
PhishingEnabler
A Phishing Enabler is an ancillary object that enables the Phishing Attack Execution. Hook webpages are examples of Phishing Enablers.
PhishingParticipantTrustee
Phishing Participant Trustee generalizes Lure Message, Impersonated Reputable Agent, and Hook. It denotes the entities possibly trusted by the Phishing Target. A Trustee is the Agent or Object being trusted by an Agent for a given purpose, according to certain beliefs of this Agent (Trustor).
Amaral, G., Sales, T.P., Guizzardi, G. and Porello, D., 2021. Ontological foundations for trust management: extending the reference ontology of trust. In CEUR workshop proceedings (Vol. 2835, pp. 12-22). Rheinisch Westfälische Technische Hochschule.
PhishingPlan
A relational entity created by a Phishing Attack Planning that mediates several entities participating in a Phishing Attack Process.
PhishingTarget
An Agent that participates in a Phishing Attack Process by being targeted in a Phishing Plan and possibly participating in other events of the Phishing Attack Process.
PostAttackPhase
The Post-Attack Phase includes all events wherein a Phisher seeks to protect themselves against measures that could incriminate them, for example, by destroying evidence of a Phishing Attack Execution. The Post-Attack Phase also includes the Phisher's assessment of a Phishing Attack Execution.
TargetAsset
A valuable object targeted by a Phishing Plan.
TargetFragility
A subtype of Vulnerability that inheres in a Phishing Target. It describes the intrinsic properties of a Target that make them fall for a phish. It includes ignorance, inexperience, prejudice or bias, conformity, intuitive judgment, low level of need for cognition, heuristics, mental shortcuts, laziness, curiosity, fear, habits, anger, excitement, tension, happiness, sadness, disgust, guilt, surprise, greed, lust, neuroticism, and many others.
TargetTrust
The Reference Ontology of Trust (ROT) defines Trust as a complex mental state of a Trustor Agent, composed of an Intention related to a goal, for the achievement of which he counts upon the Trustee, and a set of Beliefs about the Trustee and its behavior.
Amaral, G., Sales, T.P., Guizzardi, G. and Porello, D., 2021. Ontological foundations for trust management: extending the reference ontology of trust. In CEUR workshop proceedings (Vol. 2835, pp. 12-22). Rheinisch Westfälische Technische Hochschule.
TrustBasedAction
Events that are the manifestation of the Target Trust.
Vulnerability
Vulnerabilities are dispositions whose manifestations are undesired events, as in “the fragility of my phone's screen material makes it susceptible to breaking”.
Sales, T.P., Baião, F., Guizzardi, G., Almeida, J.P.A., Guarino, N. and Mylopoulos, J., 2018. The common ontology of value and risk. In Conceptual Modeling: 37th International Conference, ER 2018, Xi'an, China, October 22–25, 2018, Proceedings 37 (pp. 121-135). Springer International Publishing.