PAPO: A Phishing Attack Process Ontology

Agent

"In UFO-C, there is a distinction between Agentive and Non-agentive substantial particulars: respectively, Agents and Objects. Agents can be physical (e.g., a person) or social (e.g., an organization, a society). Objects can also be further categorized in physical and social objects.Physical objects include a book, a tree, a car. Social objects include money, language and Normative Descriptions. A normative description defines one or more rules or norms recognized by at least one social agent and that can define nominal universals such as social moment universals (e.g., social commitment types), social objects (the crown of the king of Spain) and social roles such as president, prime minister, PhD candidate or pedestrian. Examples of normative descriptions include the Italian Constitution, the University of Twente PhD program regulations, but also a set of directives on how to perform some actions within an organization (a description of a plan). Agents are substantials that can bear special kinds of moments named Intentional Moments. Intentionality should be understood in a much broader context than the notion of “intending something”, but as the capacity of some proper-ties of certain individuals to refer to possible situations of reality. Guizzardi, G., de Almeida Falbo, R. and Guizzardi, R.S., 2008, February. Grounding software domain ontologies in the unified foundational ontology (ufo): the case of the ode software process ontology. In CIbSE (pp. 127-140)."@e

Belief

In UFO-C, a belief is an Intentional Moment that inheres in an Agent. It can be justified or frustrated by situations."@e

Complacency

Curiosity

DesireToPlease

Distraction

Email

Fear

Fraud

Successful Phishing Attack Executions enable different Frauds. The latter include Extortion and Identity Theft. Fraud is a criminal event enabled by a successful Phishing Attack Execution. So, Fraud is not part of a Phishing Attack Execution but it may compose a Phishing Attack Process."@e

FulfillmentOfPhishersRequest

An event wherein a Target answers the Phisher's request. The exact form of this answer depends on the type of phishing attack. So, this event can generalize at least three others: (a) Malware-based attack; (b) Target replies Phisher with requested asset; (c) Webpage-based attack. Fulfillment of Phisher's Request corresponds to what is known as "falling for a phishing attack"."@e

Greed

HookWebpage

According to Markus Jakobsson, the hook often consists of a website that emulates the appearance of a reputable agent, such as Microsoft's login website. The goal of the hook is for victims to be directed to it via the lure message and for the victims to disclose confidential information in it."@e

Hurry

Ignorance

ImpersonatedReputableAgent

An Agent impersonated by the Phisher. It is very often a company or an organization previously trusted by the Phishing Target."@e

IndividualPhisher

Influence

Influence is a relator that aggregates Intrinsic Aspects that affect the formation of Beliefs. Its attribute weight describes the degree of this effect. Amaral, G., Sales, T.P., Guizzardi, G. and Porello, D., 2021. Ontological foundations for trust management: extending the reference ontology of trust. In CEUR workshop proceedings (Vol. 2835, pp. 12-22). Rheinisch Westfälische Technische Hochschule."@e

Innocence

Intention

In UFO-C, Intentions are desired state of affairs for which the agent commits at pursuing (internal commitment) (e.g., the Intention of going to a beach resort for the next summer break). For this reason, intentions cause the agent to perform Actions. The propositional content of an Intention is a Goal. The precise relation between an intentional moment and a situation is the following: situation in reality can satisfy the propositional content of an intentional moment (i.e., satisfy - in the logical sense – the proposition representing that propositional content). Guizzardi, G., de Almeida Falbo, R. and Guizzardi, R.S., 2008, February. Grounding software domain ontologies in the unified foundational ontology (ufo): the case of the ode software process ontology. In CIbSE (pp. 127-140)."@e

Loneliness

LureEmail

LureMessage

A Message that plays the role of luring and tricking Phishing Targets to obtain Target Asset. Lure Message sends Trust Calibration Signals based on its content, such as a company logo. Examples include e-mails, SMS, direct message on social media, etc."@e

LureMessageArrival

An event wherein a Lure Message arrives to the Target via whatever medium is used."@e

LureMessageDispatch

An event wherein a Phisher sends a Lure Message by some means, such as sending an email, SMS, a direct message on a social network, or making a phone call. It necessarily composes a Phishing Attack Execution."@e

LureMessagePerception

An event wherein a Phishing Target somehow perceives a Lure Message. For example, by reading an email."@e

MentalAttitude

In UFO-C, Intentions are a type of Intentional Aspect, along with beliefs and desires. However, there are other types of Intentional Aspects.Philosophers, psychologists, and cognitive scientists call them "mental attitudes'' or "propositional attitudes''. Attitude reports are sentences concerning cognitive relations people bear to propositions. Just like we can believe, desire, and intend, we can also know, learn, regret, imagine, fear, wish, want, pretend, suppose, surmise, suspect, predict, speculate, doubt, prove, disprove, infer, expect, and so on. These are all propositional attitudes. There is a wide range of literature on what exactly they are and whether they even exist. See: https://iep.utm.edu/prop-ati/, https://plato.stanford.edu/entries/prop-attitude-reports/."@e

Organization

Person

Human being. Any member of Homo sapiens, unique extant species of the genus Homo. A subtype of physical agent"@e

Phisher

An Agent that participates in a Phishing Attack Process by being the actor of the Phishing Attack Planning, Preparation, and Execution."@e

PhisherOrganization

PhishingAttackCapability

Capabilities whose manifestations are the events of a Phishing Attack Execution."@e

PhishingAttackExecution

A successful Phishing Attack Execution (or a phishing incident) is an event composed by at least four others in a temporal order: (a) Lure Message Dispatch (by the Phisher), (b) Lure Message Arrival, (c) Phishing Target perceives Lure Message, (d) Target answers the Phisher's request. Failed attempts of Phishing Attack Execution must have at least the first event (Phisher dispatches Lure Message). Phishing Attack Execution describes what is commonly considered a phishing attack and its basic steps."@e

PhishingAttackPlanning

An event wherein a Phisher creates a Phishing Plan and makes important decisions for the rest of the Phishing Attack Process, such as deciding impersonated agent, fraud type, attack method, attack goal, targets, communication medium, etc."@e

PhishingAttackPreparation

Phishing Attack Preparation is an event wherein a Phisher proceeds with necessary preparations for the Phishing Attack Execution. This means the Phisher acquires threatening capabilities for the attack execution, such as knowledge and tools (for example, phishing kits)."@e

PhishingAttackProcess

PAPO describes a Phishing Attack Process as a complex event that is necessarily composed of planning, preparation, and execution with optional subsequent fraud and post-attack events. Phishing Attack Preparation is historically dependent on Phishing Attack Planning, and Phishing Attack Execution is historically dependent on Phishing Attack Preparation. This represents a temporal causal order of Threat Events and Loss Events. Although Fraud and Post-Attack Phase may not occur as part of a Phishing Attack Process, they are historically dependent on Phishing Attack Execution."@e

PhishingEnabler

A Phishing Enabler is an ancillary object that enables the Phishing Attack Execution. Hook webpages are examples of Phishing Enablers."@e

PhishingParticipantTrustee

Phishing Participant Trustee generalizes Lure Message, Impersonated Reputable Agent, and Hook. It denotes the entities possibly trusted by the Phishing Target. A Trustee is the Agent or Object being trusted by an Agent for a given purpose, according to certain beliefs of this Agent (Trustor). Amaral, G., Sales, T.P., Guizzardi, G. and Porello, D., 2021. Ontological foundations for trust management: extending the reference ontology of trust. In CEUR workshop proceedings (Vol. 2835, pp. 12-22). Rheinisch Westfälische Technische Hochschule."@e

PhishingPlan

A relational entity created by a Phishing Attack Planning mediating several entities that participates in a Phishing Attack Process."@e

PhishingTarget

An Agent that participates in a Phishing Attack Process by being targeted in a Phishing Plan and possibly participating in other events of the phishing attack process."@e

PostAttackPhase

Post-Attack Phase includes all events wherein a Phisher seeks to protect themselves against measures that can incriminate them, for example, by destroying evidence of a Phishing Attack Execution. Post-Attack Phase also includes the Phisher assessment of a Phishing Attack Execution."@e

TargetAsset

A valuable object targeted by a Phishing Plan."@e

TargetFragility

A subtype of Vulnerability that inheres in a Phishing Target. It describes the intrinsic properties of a Target that make them fall for a phish. It includes ignorance, inexperience, prejudice or bias, conformity, intuitive judgment, low level of need for cognition, heuristics, mental shortcuts, laziness, curiosity, fear, habits, anger, excitement, tension, happiness, sadness, disgust, guilt, surprise, greed, lust, neuroticism, and many others."@e

TargetTrust

The Reference Ontology of Trust (ROT) defines Trust as a complex mental state of a Trustor Agent, composed of an Intention related to a goal, for the achievement of which he counts upon the Trustee, and a set of Beliefs about the Trustee and its behavior. Amaral, G., Sales, T.P., Guizzardi, G. and Porello, D., 2021. Ontological foundations for trust management: extending the reference ontology of trust. In CEUR workshop proceedings (Vol. 2835, pp. 12-22). Rheinisch Westfälische Technische Hochschule."@e

TrustBasedAction

Events that are the manifestation of the Target Trust."@e

Urgency

Vulnerability

Vulnerabilities are dispositions whose manifestations are undesired events, as in “the fragility of my phone's screen material makes it susceptible to breaking”. Sales, T.P., Baião, F., Guizzardi, G., Almeida, J.P.A., Guarino, N. and Mylopoulos, J., 2018. The common ontology of value and risk. In Conceptual Modeling: 37th International Conference, ER 2018, Xi'an, China, October 22–25, 2018, Proceedings 37 (pp. 121-135). Springer International Publishing."@e

VulnerabilityCondition

Webpage