1,227 research outputs found
Conceptualizing human resilience in the face of the global epidemiology of cyber attacks
Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime
Three Essays on Individualsâ Vulnerability to Security Attacks in Online Social Networks: Factors and Behaviors
With increasing reliance on the Internet, the use of online social networks (OSNs) for communication has grown rapidly. OSN platforms are used to share information and communicate with friends and family. However, these platforms can pose serious security threats to users. In spite of the extent of such security threats and resulting damages, little is known about factors associated with individualsâ vulnerability to online security attacks. We address this gap in the following three essays.
Essay 1 draws on a synthesis of the epidemic theory in infectious disease epidemiology with the social capital theory to conceptualize factors that contribute to an individualâs role in security threat propagation in OSN. To test the model, we collected data and created a network of hacked individuals over three months from Twitter. The final hacked network consists of over 8000 individual users. Using this data set, we derived individualâs factors measuring threat propagation efficacy and threat vulnerability. The dependent variables were defined based on the concept of epidemic theory in disease propagation. The independent variables are measured based on the social capital theory. We use the regression method for data analysis. The results of this study uncover factors that have significant impact on threat propagation efficacy and threat vulnerability. We discuss the novel theoretical and managerial contributions of this work.
Essay 2 explores the role of individualsâ interests in their threat vulnerability in OSNs. In OSNs, individuals follow social pages and post contents that can easily reveal their topics of interest. Prior studies show high exposure of individuals to topics of interest can decrease individualsâ ability to evaluate the risks associated with their interests. This gives attackers a chance to target people based on what they are interested in. However, interest-based vulnerability is not just a risk factor for individuals themselves. Research has reported that similar interests lead to friendship and individuals share similar interests with their friends. This similarity can increase trust among friends and makes individuals more vulnerable to security threat coming from their friendsâ behaviors. Despite the potential importance of interest in the propagation of online security attacks online, the literature on this topic is scarce. To address this gap, we capture individualsâ interests in OSN and identify the association between individualsâ interests and their vulnerability to online security threats. The theoretical foundation of this work is a synthesis of dual-system theory and the theory of homophily. Communities of interest in OSN were detected using a known algorithm. We test our model using the data set and social network of hacked individuals from Essay 1. We used this network to collect additional data about individualsâ interests in OSN. The results determine communities of interests which were associated with individualsâ online threat vulnerability. Moreover, our findings reveal that similarities of interest among individuals and their friends play a role in individualsâ threat vulnerability in OSN. We discuss the novel theoretical and empirical contributions of this work.
Essay 3 examines the role addiction to OSNs plays in individualsâ security perceptions and behaviors. Despite the prevalence of problematic use of OSNs and the possibility of addiction to these platforms, little is known about the functionalities of brain systems of users who suffer from OSN addiction and their online security perception and behaviors. In addressing these gaps, we have developed the Online addiction & security behaviors (OASB) theory by synthesizing dual-system theory and extended protection motivation theory (PMT). We collected data through an online survey. The results indicate that OSN addiction is rooted in the individualâs brain systems. For the OSN addicted, there is a strong cognitive-emotional preoccupation with using OSN. Our findings also reveal the positive and significant impact of OSN addiction on perceived susceptibility to and severity of online security threats. Moreover, our results show the negative association between OSN addiction and perceived self-efficacy. We discuss the theoretical and practical implications of this work
Selfish Response to Epidemic Propagation
An epidemic spreading in a network calls for a decision on the part of the
network members: They should decide whether to protect themselves or not. Their
decision depends on the trade-off between their perceived risk of being
infected and the cost of being protected. The network members can make
decisions repeatedly, based on information that they receive about the changing
infection level in the network.
We study the equilibrium states reached by a network whose members increase
(resp. decrease) their security deployment when learning that the network
infection is widespread (resp. limited). Our main finding is that the
equilibrium level of infection increases as the learning rate of the members
increases. We confirm this result in three scenarios for the behavior of the
members: strictly rational cost minimizers, not strictly rational, and strictly
rational but split into two response classes. In the first two cases, we
completely characterize the stability and the domains of attraction of the
equilibrium points, even though the first case leads to a differential
inclusion. We validate our conclusions with simulations on human mobility
traces.Comment: 19 pages, 5 figures, submitted to the IEEE Transactions on Automatic
Contro
Spreading processes in Multilayer Networks
Several systems can be modeled as sets of interconnected networks or networks
with multiple types of connections, here generally called multilayer networks.
Spreading processes such as information propagation among users of an online
social networks, or the diffusion of pathogens among individuals through their
contact network, are fundamental phenomena occurring in these networks.
However, while information diffusion in single networks has received
considerable attention from various disciplines for over a decade, spreading
processes in multilayer networks is still a young research area presenting many
challenging research issues. In this paper we review the main models, results
and applications of multilayer spreading processes and discuss some promising
research directions.Comment: 21 pages, 3 figures, 4 table
A Novel Malware Target Recognition Architecture for Enhanced Cyberspace Situation Awareness
The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. MaTR outperforms leading static heuristic methods with a statistically significant 1% improvement in detection accuracy and 85% and 94% reductions in false positive and false negative rates respectively. Against a set of publicly unknown malware, MaTR detection accuracy is 98.56%, a 65% performance improvement over the combined effectiveness of three commercial antivirus products
- âŠ