{"title":"Estimating Attackers’ Profiles Results in More Realistic Vulnerability Severity Scores","authors":"K. Kioskli, Nineta Polemi","doi":"10.54941/ahfe1002211","DOIUrl":"https://doi.org/10.54941/ahfe1002211","url":null,"abstract":"Digitalization is moving at an increasing speed in all sectors of the economy. Along with it the cybersecurity threats and attacks continue to rise rapidly. Enterprises in all economic sectors are imposed to constantly assess the vulnerabilities (weaknesses) of their Information and Communication Systems (ICT) and further estimate their severity, to avoid exploitability by targeted cyber-attacks. Attacks may have catastrophic consequences (impacts), including the disruption or termination of operations, economic damages, long-term damaged reputation, customer loss, lawsuits, and fines. Organisations need to undertake mitigating actions and technical controls to lower the severity of the vulnerabilities and protect their ICT assets. However, security measures are expensive, especially for small companies. Cybersecurity is considered a burden to the Small-Medium Enterprises (SMEs) and not a marketing advantage, while cost is their biggest challenge. We need to be as realistic as possible in the vulnerability severity scoring, to decrease the security costs for smaller companies and simultaneously prevent potential attackers to exploit their assets. Identifying the potential attacker for each sector and company is the first step in building resilience. The classifications for attackers are usually based on whether they are internal, or by their means and capabilities, such as knowledge of the organization’s resources, including personnel, facilities, information, equipment, networks, and systems. In 2021, ENISA published a sector-specific taxonomy based on opportunities, means, motives and sectors or products they wish to attack. 
In all existing classifications, psychological, behavioural, and social traits of the attackers are neither measured nor considered. The existing security scoring systems concentrate on technical severity, not considering the human factors with practical methods such as via the external or internal attackers’ profile in their calculations. The Common Vulnerability Scoring System (CVSS) is a standard and widely adopted measure for vulnerabilities’ severity. CVSS assumes that the potential attacker will be highly skilled, but it does not consider any other human factors which may be involved. Our work, in the latest years, targets to bridge psychosocial advancements, including human, behavioural, and psychosocial factors, with cybersecurity efforts to improve and reach a realistic cyber-resilient state within the information systems. The overarching objective of the present paper is to further contribute to providing realistic vulnerability severity scoring. Our main aim is to show that the CVSS scores are not unique for every vulnerability but vary depending on the potential attacker. Based on the organisations’ cyber threat intelligence (CTI) level, the sectoral threats can be identified, and the profiles of their potential attackers can be predicted. In this paper, we measure the attackers’ profiles and use these values in","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"324 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116824299","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Social Engineering and Human-Robot Interactions' Risks","authors":"Ilenia Mercuri","doi":"10.54941/ahfe1002199","DOIUrl":"https://doi.org/10.54941/ahfe1002199","url":null,"abstract":"Modern robotics seems to have taken root from the theories of Isaac Asimov, in 1941. One area of research that has become increasingly popular in recent decades is the study of artificial intelligence or A.I., which aims to use machines to solve problems that, according to current opinion, require intelligence. This is related to the study on “Social Robots”. Social Robots are created in order to interact with human beings; they have been designed and programmed to engage with people by leveraging a \"human\" aspect and various interaction channels, such as speech or non-verbal communication. They therefore readily solicit social responsiveness in people who often attribute human qualities to the robot. Social robots exploit the human propensity for anthropomorphism, and humans tend to trust them more and more. Several issues could arise due to this kind of trust and to the ability of “superintelligence” to \"self-evolve\", which could lead to the violation of the purposes for which it was designed by humans, becoming a risk to human security and privacy. This kind of threat concerns social engineering, a set of techniques used to convince users to perform a series of actions that allow cybercriminals to gain access to the victims' resources. The Human Factor is the weakest ring of the security chain, and the social engineers exploit Human-Robots Interaction to persuade an individual to provide private information. An important research area that has shown interesting results for the knowledge of the possibility of human interaction with robots is \"cyberpsychology\". 
This paper aims to provide insights into how the interaction with social robots could be exploited by humans not only in a positive way but also by using the same techniques of social engineering borrowed from \"bad actors\" or hackers, to achieve malevolent and harmful purposes for man himself. A series of experiments and interesting research results will be shown as examples. In particular, about the ability of robots to gather personal information and display emotions during the interaction with human beings. Is it possible for social robots to feel and show emotions, and human beings could empathize with them? A broad area of research, which goes by the name of \"affective computing\", aims to design machines that are able to recognize human emotions and consistently respond to them. The aim is to apply human-human interaction models to human-machine interaction. There is a fine line that separates the opinions of those who argue that, in the future, machines with artificial intelligence could be a valuable aid to humans and those who believe that they represent a huge risk that could endanger human protection systems and safety. It is necessary to examine in depth this new field of cybersecurity to analyze the best path to protect our future. Are social robots a real danger? 
Keywords: Human Factor, Cybersecurity, Cyberpsychology, Social Engineering Attacks, Human-Robot Interaction, Roboti","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121269599","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cyberdefense Adaptive Training Based on the Classification of Operator Cognitive State","authors":"Yvan Burguin, D. Espès, Philippe Rauffet, C. Chauvin, Philippe Le Parc","doi":"10.54941/ahfe1002202","DOIUrl":"https://doi.org/10.54941/ahfe1002202","url":null,"abstract":"To face the increasing number and the variety of cyberattacks, training and adaptation of cyberdefense operators become critical and should be managed all along their careers. Thus, it is necessary to develop adaptive training methods that are able to quickly detect operators' weaknesses and to propose a strategy to reinforce their skills on these points. This paper presents the choice of a cognitive model in order to guide the development of an adaptive training software. In this regard, the paper proposes a review of several elements that contributed to the development of the model. Cyberattacks are continuously increasing in variety and number, and therefore require a constant adaptation from the operator who must react to each attack with rapidity and efficiency. To face these changes, cyber operators must be trained regularly. This training aims to: 1) maintain knowledge of cyber operators up to date, 2) train cyber operators to use new tools and 3) allow cyber operators to appropriately react to new attacks. In this regard, adaptive training softwares support the training of cyberdefense operators in order to improve their performance in real conditions. To propose an adaptive training software, there are several requirements to satisfy such as an ecological environment, a system to adapt the training scenario autonomously and a way to assess the difficulties experienced by the trainee. To support this dynamic and customised adaptation of the training scenario, it is important to detect or predict when errors may occur. For this purpose, behavioural and physiological data can be used to assess the variations in performance and mental workload that can lead to an error. 
This paper deals with the choice of a cognitive model that could support the design of a software for adaptive training in the cyberdefense field. Such a model would allow us to understand the different cognitive processes used by the operator to perform tasks, and to identify the factors that could contribute to performance decrement. This model can then orient the selection of appropriate physiological and behavioural indicators to measure what parts of the task cause difficulty to the operator.","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"71 2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114092560","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Effects of Cyber Readiness and Response on Human Trust in Self Driving Cars","authors":"Victoria Marcinkiewicz, Qiyuan Zhang, Phillip Morgan","doi":"10.54941/ahfe1003719","DOIUrl":"https://doi.org/10.54941/ahfe1003719","url":null,"abstract":"Self driving cars (SDC) are potentially set to revolutionise the automotive industry. Despite the promise of a plethora of purported benefits (e.g. fewer road traffic accidents, better traffic flow; lower emissions), one key concern relates to the potential for SDCs and their connected infrastructure to be cyber attacked. Aside from material losses, an adverse cyber experience is likely to undermine human trust – with trust being a key contributing factor to the uptake and use of automated technology such as SDCs. Many studies have projected the different types of cyber attacks an SDC could fall victim to [1]. Concerns about the consequences of cyber attacks for e.g. users, other road users, manufacturers, legislators, legal experts, and governments have also been raised. Procedural and technical solutions have been proposed to tackle the SDC-cyber security challenge, which includes the proposition of rankings for SDCs GPS system vulnerabilities [2]. Nonetheless, it is inevitable that threat actors will compromise an SDC system(s) through either exploited vulnerabilities and/or user error. It is crucial that such an event(s) does not erode trust (e.g. leading to misuse or even disuse) if the long-term benefits of this technology are to be reaped. 
Therefore, the study explores whether the capability and obligation from a SDC company (who are most likely to be blamed when an attack happens) to manage a cyber attack – with regards to its readiness and response activities – impacts trust in SDC technology. Using a cutting-edge AV Simulation Driving Simulator and simulation software generated animations (SCANeR Studio) embedded into an online survey, participants watch a futuristic driving scenario where the SDC executes a variety of successful driving manoeuvres before the system falls victim to an unspecified cyber-attack. Self-reported trust is measured after each successful manoeuvre as well as following the cyber attack. The experiment follows a 3x2 – 6 condition design – manipulated between participants. In each condition, all participants are shown the same driving scenario. The independent variables (IVs) consist of the information given to the participant before and after watching the scenario: IV1 being the SDCs cyber readiness (low/medium/high) and IV2, the SDCs company’s response to the incident (positive/negative). Before watching the scenario, information about cars status (including its cyber readiness) is provided. After watching the scenario and experiencing the cyber attack, participants are provided with text detailing how the SDC company responded to the cyber attack. The key prediction is that a company with higher cyber maturity (i.e. has a high level of cyber readiness and responds positively to the incident) will be trusted more than a company/companies with lower cyber security considerations. Currently the experiment is in progress and findings and details on the implications will be presented in the paper. 
Future research will ","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131093532","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deployment of Ransomware Detection Using Dynamic Analysis and Machine Learning","authors":"J. Herrera Silva, Myriam Hernández-Álvarez","doi":"10.54941/ahfe1003714","DOIUrl":"https://doi.org/10.54941/ahfe1003714","url":null,"abstract":"Ransomware's growing impact is powered by dedicated criminal teams working within an organized business framework. Because of the amount of sensitive information stored on devices and the cloud while transferring over the networks, malware detection, especially ransomware, has become a primary research topic in recent years. In this paper, we present a dynamic feature dataset with 50 characteristics that are ransomware related and with low correlation pairwise. The link to the dataset is included. Using this dataset, machine learning models are generated implementing Random Forest, Gradient Boosted Regression Trees, Gaussian Naïve Bayes, and Neural Networks algorithms obtaining average ten-fold cross-validation accuracies between 74% and 100%. Processing times range between 0.15 sec and 25.47 secs, allowing a fast response to avoid encryption. These models are applied to new artifacts to effectively detect possible incoming threats.","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130839443","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis of Risks to Data Privacy Throughout European Countries","authors":"W. Patterson","doi":"10.54941/ahfe1003717","DOIUrl":"https://doi.org/10.54941/ahfe1003717","url":null,"abstract":"Over 20 years ago, the surprising research by Latanya Sweeney demonstrated that publicly available database information exposed the overwhelming percentage of United States residents to information easily available in order to facilitate the capture of such personal information, through techniques we now refer to as “dumpster diving.” In particular, her research demonstrated that approximately 87% of the United States population can be identified uniquely using only the United States’ five digit postal code, date of birth (including year), and gender. Although this result has held up over time, given the demographic parameters used in developing this estimate, Sweeney’s technique made no attempt to develop similar estimates for other countries. In this paper, we use Sweeney’s technique in order to provide estimates of the ability of similar demographics to provide the same type of data in a number of other countries throughout the European Community and other non-EU countries in Europe. Through this mechanism, we attempt to determine the susceptibility to data privacy attacks in Europe as compared to the United States.","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128819804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From Security-as-a-Hindrance Towards User-Centred Cybersecurity Design","authors":"Rick van der Kleij","doi":"10.54941/ahfe1002209","DOIUrl":"https://doi.org/10.54941/ahfe1002209","url":null,"abstract":"Cybersecurity controls in the workplace are viewed by many people as a hindrance that results in wasted time. End-users often bypass controls to get their work done and because of this, even the technically most secure systems can become unsecured. One crucial reason for this could be a lack of attention paid to usability factors by the software development teams that design controls. In this paper I investigate how to design cybersecurity controls in such a way that the user is more likely to behave in a secure manner when confronted with these controls. I put forward three practices that, when employed alongside each other, hold the promise to produce usable and effective cybersecurity controls.","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"139 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126305057","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Didactic Tool for Digital Forensics","authors":"E. Cankaya, Anindita Palit, Elissa Williams","doi":"10.54941/ahfe1002197","DOIUrl":"https://doi.org/10.54941/ahfe1002197","url":null,"abstract":"Several tools exist for performing digital forensics investigations on evidence data. As the vast variety of options available provides a wide span of choices to select from, this variation itself contributes to the complexity of learning and navigating these tools. To facilitate user’s learning efforts, we present a didactic tool that can be used to explore different digital forensics tools for investigating various evidence files in different OS platforms. We use synthetically generated data in the form of a made up scenario that offers safe, realistic, yet reliable data analysis. The digital forensics tools we use are Autopsy, WinHex, ProDiscover, and StegHide; and we demonstrate the execution of these tools in two different OS platforms as Windows and Mac. Our tool is promising to offer explanation and deep insight into commonly available digital forensics tools, and is offered to serve digital forensics students and/or professionals.","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131038837","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploring Human and Environmental Factors that Make Organizations Resilient to Social Engineering Attacks","authors":"Michelle Ancher, Erbilcan Aslan, Rick van der Kleij","doi":"10.54941/ahfe1002203","DOIUrl":"https://doi.org/10.54941/ahfe1002203","url":null,"abstract":"In this explorative research social engineering attacks were studied, especially the ones that failed, in order to help organisations to become more resilient. Physical, phone and digital attacks were carried out using a script following the ‘social engineering cycle’. We used the COM-B model of behaviour change, refined by the Theoretical Domains Framework, to examine by means of a survey how Capability, Motivational and foremost Opportunity factors help to increase resilience of organisations against social engineering attacks. Within Opportunity, social influence seemed of extra importance. Employees who work in small sized enterprises (<50 employees) were more successful in withstanding digital social engineering attacks than employees who work in larger organisations. An explanation for this could be a greater amount of social control; these employees work in close proximity to one another, so they are able to check irregularities or warn each other. Also, having a conversation protocol installed on how to interact with outsiders, was a measure taken by all organisations where attacks by telephone failed. Therefore, it is more difficult for an outsider to get access to the organisation by means of social engineering. This paper ends with a discussion and some recommendations for organisations, e.g. 
the design of the work environment, to help increase their resilience against social engineering attacks.","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131044269","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Metric to Assist in Detecting International Phishing or Ransomware Cyberattacks","authors":"W. Patterson, Jeremy Blacksttone","doi":"10.54941/ahfe1002195","DOIUrl":"https://doi.org/10.54941/ahfe1002195","url":null,"abstract":"Over the past decade, the number of cyberattacks such as ransomware, phishing, and other forms of malware have increased significantly, as has the danger to innocent users. The ability to launch such devastating attacks is no longer limited to well-funded, highly structured organizations including government agencies whose missions may well include cyberattacks. The focus of our study is threats to an individual not from such highly organized institutions, but rather less organized cybercriminal organizations with limited resources. The Internet provides ample opportunities for such criminal organizations to launch cyberattacks at minimal cost. One tool for such lower-level criminal organizations is Google Translate (GT) needed to launch a cyberattack on a user in a relatively advantaged country such as the United States, United Kingdom, or Canada. It has been observed that many such attacks may originate in a lesser developed country (LDC), where the local language is a language not common persons in target countries, for example English. It is a reasonable assumption that informal cyberattackers may not have a command of English and to use English for an attack online they may require a mechanism, such as the no-cost GT. In previous work, a number of authors have attempted to develop an index to measure the efficiency or what might be called an ABA translation. This involves beginning with a test document in language A, then GT to translate into language B, then back again to A. 
The resulting original text is then compared to the transformation by using a modified Levenshtein distance computation for the A versions. The paper analyzes the process of determining an index to detect if a text has been translated from an original language and location, assuming the attack document has been written in one language and translated using GT into the language of the person attacked. The steps involved in this analysis include: a) Consistency: in order to determine consistency in the use of the ABA/GT process, the primary selection of test is compared with random samples from the test media; b) Expanded selection of languages for translation: prior work has established use of the technique for 12 language pairs. The current work extends analysis to a wider set of languages, including those reported as having the highest levels of cyberattacks. c) Back translation of selected languages: used to extend the quality of those translations are made. d) New language pairs are considered: by analyzing the countries and indigenous languages of the countries paired with the highest levels of cyberattack and the highest levels of cyberdefense, additional language pairs are added to this analysis; e) Comparison to prior results: results found in this paper are used for a proposed network for all language pairs considered in this analysis. The end product is a metric giving a probability of determining the original source language of the cyberattack as compared to the translati","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal 
Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132696731","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}