Conceptualizing human resilience in the face of the global epidemiology of cyber attacks

Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime

Three Essays on Individuals’ Vulnerability to Security Attacks in Online Social Networks: Factors and Behaviors

With increasing reliance on the Internet, the use of online social networks (OSNs) for communication has grown rapidly. OSN platforms are used to share information and communicate with friends and family. However, these platforms can pose serious security threats to users. In spite of the extent of such security threats and resulting damages, little is known about factors associated with individuals’ vulnerability to online security attacks. We address this gap in the following three essays. Essay 1 draws on a synthesis of the epidemic theory in infectious disease epidemiology with the social capital theory to conceptualize factors that contribute to an individual’s role in security threat propagation in OSN. To test the model, we collected data and created a network of hacked individuals over three months from Twitter. The final hacked network consists of over 8000 individual users. Using this data set, we derived individual’s factors measuring threat propagation efficacy and threat vulnerability. The dependent variables were defined based on the concept of epidemic theory in disease propagation. The independent variables are measured based on the social capital theory. We use the regression method for data analysis. The results of this study uncover factors that have significant impact on threat propagation efficacy and threat vulnerability. We discuss the novel theoretical and managerial contributions of this work. Essay 2 explores the role of individuals’ interests in their threat vulnerability in OSNs. In OSNs, individuals follow social pages and post contents that can easily reveal their topics of interest. Prior studies show high exposure of individuals to topics of interest can decrease individuals’ ability to evaluate the risks associated with their interests. This gives attackers a chance to target people based on what they are interested in. However, interest-based vulnerability is not just a risk factor for individuals themselves. Research has reported that similar interests lead to friendship and individuals share similar interests with their friends. This similarity can increase trust among friends and makes individuals more vulnerable to security threat coming from their friends’ behaviors. Despite the potential importance of interest in the propagation of online security attacks online, the literature on this topic is scarce. To address this gap, we capture individuals’ interests in OSN and identify the association between individuals’ interests and their vulnerability to online security threats. The theoretical foundation of this work is a synthesis of dual-system theory and the theory of homophily. Communities of interest in OSN were detected using a known algorithm. We test our model using the data set and social network of hacked individuals from Essay 1. We used this network to collect additional data about individuals’ interests in OSN. The results determine communities of interests which were associated with individuals’ online threat vulnerability. Moreover, our findings reveal that similarities of interest among individuals and their friends play a role in individuals’ threat vulnerability in OSN. We discuss the novel theoretical and empirical contributions of this work. Essay 3 examines the role addiction to OSNs plays in individuals’ security perceptions and behaviors. Despite the prevalence of problematic use of OSNs and the possibility of addiction to these platforms, little is known about the functionalities of brain systems of users who suffer from OSN addiction and their online security perception and behaviors. In addressing these gaps, we have developed the Online addiction & security behaviors (OASB) theory by synthesizing dual-system theory and extended protection motivation theory (PMT). We collected data through an online survey. The results indicate that OSN addiction is rooted in the individual’s brain systems. For the OSN addicted, there is a strong cognitive-emotional preoccupation with using OSN. Our findings also reveal the positive and significant impact of OSN addiction on perceived susceptibility to and severity of online security threats. Moreover, our results show the negative association between OSN addiction and perceived self-efficacy. We discuss the theoretical and practical implications of this work

Selfish Response to Epidemic Propagation

An epidemic spreading in a network calls for a decision on the part of the network members: They should decide whether to protect themselves or not. Their decision depends on the trade-off between their perceived risk of being infected and the cost of being protected. The network members can make decisions repeatedly, based on information that they receive about the changing infection level in the network. We study the equilibrium states reached by a network whose members increase (resp. decrease) their security deployment when learning that the network infection is widespread (resp. limited). Our main finding is that the equilibrium level of infection increases as the learning rate of the members increases. We confirm this result in three scenarios for the behavior of the members: strictly rational cost minimizers, not strictly rational, and strictly rational but split into two response classes. In the first two cases, we completely characterize the stability and the domains of attraction of the equilibrium points, even though the first case leads to a differential inclusion. We validate our conclusions with simulations on human mobility traces.Comment: 19 pages, 5 figures, submitted to the IEEE Transactions on Automatic Contro

Spreading processes in Multilayer Networks

Several systems can be modeled as sets of interconnected networks or networks with multiple types of connections, here generally called multilayer networks. Spreading processes such as information propagation among users of an online social networks, or the diffusion of pathogens among individuals through their contact network, are fundamental phenomena occurring in these networks. However, while information diffusion in single networks has received considerable attention from various disciplines for over a decade, spreading processes in multilayer networks is still a young research area presenting many challenging research issues. In this paper we review the main models, results and applications of multilayer spreading processes and discuss some promising research directions.Comment: 21 pages, 3 figures, 4 table

A Novel Malware Target Recognition Architecture for Enhanced Cyberspace Situation Awareness

The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. MaTR outperforms leading static heuristic methods with a statistically significant 1% improvement in detection accuracy and 85% and 94% reductions in false positive and false negative rates respectively. Against a set of publicly unknown malware, MaTR detection accuracy is 98.56%, a 65% performance improvement over the combined effectiveness of three commercial antivirus products