An Augmented Cybersecurity Behavioral Research Model

Addae, Joyce; Radenkovic, Milena; Sun, Xu; Towey, Dave

doi:10.1109/compsac.2016.52

Cited by 4 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The confidentiality aspect of security is a basic privacy goal, and is concerned with the prevention of unauthorised access to sensitive data (Schneier, 2011). Because personal data is a common factor underlying the constructs of both security and privacy (Pearson, 2013), we have theorised that personal data, and how it is perceived by individuals, influences security related behaviour (Addae et al, 2016). APD here refers to the value people place on their data, and their tendency to adopt measures to protect it.…”

Section: Attitude To Personal Data (Apd)mentioning

confidence: 99%

Exploring user behavioral data for adaptive cybersecurity

Addae

Sun

Towey

et al. 2019

User Model User-Adap Inter

Self Cite

View full text Add to dashboard Cite

This paper describes an exploratory investigation into the feasibility of predictive analytics of user behavioural data as a possible aid in developing effective user models for adaptive cybersecurity. Partial Least Squares Structural Equation Modelling (PLS-SEM) is applied to the domain of cybersecurity by collecting data on users' attitude towards digital security, and analysing how that influences their adoption and usage of technological security controls. Bayesian-network modeling is then applied to integrate the behavioural variables with simulated sensory data from the web browser and other empirical data gathered to support personalized adaptive cybersecurity decision-making. Results from the empirical study show that predictive analytics is feasible in the context of behavioural cybersecurity, and can aid in the generation of useful heuristics for the design and development of adaptive cybersecurity mechanisms. Predictive analytics can also aid in encoding digital security behavioural knowledge that can support the adaptation and/or automation of operations in the domain of cybersecurity. The experimental results demonstrate the effectiveness of the techniques applied to extract input data for the Bayesian-based models for personalized adaptive cybersecurity assistance.

show abstract

Section: Attitude To Personal Data (Apd)mentioning

confidence: 99%

Exploring user behavioral data for adaptive cybersecurity

Addae

Sun

Towey

et al. 2019

User Model User-Adap Inter

Self Cite

View full text Add to dashboard Cite

show abstract

“…Prior research in adversarial and behavioral cybersecurity experimented with deception techniques by introducing honeypots systems in the network (Furman et al, 2012 ; Addae et al, 2016 ; Caulkins et al, 2016 ). Researchers experimented with the effect of subnetting a network during a cyber-attack (Achleitner et al, 2017 ; Kelly et al, 2019 ).…”

Section: Discussionmentioning

confidence: 99%

“…Prior research in adversarial and behavioral cybersecurity experimented with deception techniques by introducing honeypots systems in the network (Furman et al, 2012;Addae et al, 2016;…”

Section: Discussionmentioning

confidence: 99%

“…Research in the area of the use of honeypots has been successful in identifying how honeypots can be created and deployed (Kambow and Passi, 2014 ). Also, behavioral cybersecurity researchers have extensively investigated honeypots' use in predicting adversary's decisions during a cyber-attack (Furman et al, 2012 ; Addae et al, 2016 ; Caulkins et al, 2016 ). Researchers have documented the effect of early and late deception on an attacker's decision using abstract games and simulated networks (Singal et al, 2017 ; Aggarwal et al, 2020 ).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Does subnetting and port hardening influence human adversarial decisions? An investigation via a HackIT tool

2023

View full text Add to dashboard Cite

Prior research in cyber deception has investigated the effectiveness of the timing of deception on human decisions using simulation tools. However, there exists a gap in the literature on how the availability of subnets and port-hardening influence human decisions to attack a system. We tested the influence of subnets and port-hardening on human attack decisions in a simulated environment using the HackIT tool. Availability of subnets (present/absent) within a network and port-hardening (easy-to-attack/hard-to-attack) were varied across four between-subject conditions (N = 30 in each condition): with-subnet with easy-to-attack, with-subnet with hard-to-attack, without-subnet with easy-to-attack, and without-subnet with hard-to-attack. In with-subnet conditions, 40 systems were connected in a hybrid topology network with ten subnets connected linearly, and each subnet contained four connected systems. In without-subnet conditions, all 40 systems were connected in a bus topology. In hard-to-attack (easy-to-attack) conditions, the probabilities of successfully attacking real systems and honeypots were kept low (high) and high (low), respectively. In an experiment, human participants were randomly assigned to one of the four conditions to attack as many real systems as possible and steal credit card information. Results revealed a significant decrease in the proportion of real system attacks in the availability of subnetting and port hardening within the network. Also, more honeypots were attacked in with-subnet conditions than without-subnet conditions. Moreover, a significantly lower proportion of real systems were attacked in the port-hardened condition. This research highlights the implications of subnetting and port-hardening with honeypots to reduce real system attacks. These findings are relevant in developing advanced intrusion detection systems trained on hackers' behavior.

show abstract

“…In their study on cybersecurity implementation and adoption, Tan et al (2021) examined the impact of the technology acceptance model on the acceptance of the cybersecurity maturity model in organizations. Addae et al (2016) proposed a behavioral cybersecurity model based on behavioral theories to identify factors affecting the individuals' cybersecurity behavior. Kumar et al (2021) used the human‐organization‐technology (HOT) theory as a means by which to identify the drivers required to enrich cybersecurity at the organizational level.…”

Section: Research Model and Hypotheses Developmentmentioning

confidence: 99%

Investigating the drivers of cybersecurity enhancement in public organizations: The case of Jordan

Al-Ma’aitah

2022

E J Info Sys Dev Countries

View full text Add to dashboard Cite

Electronic government systems are broadly recognized in the modern era as useful and valid means of delivering e-services. As the importance and prevalence of egovernment services have grown, increasing attention has necessarily been placed on the cybersecurity of electronic programs. Multiple drivers have been identified as contributing to the enhancement of cybersecurity, however, there is limited empirical research confirming these drivers. The main aims of this study are to investigate the drivers of e-government cybersecurity enhancement and determine the impact of cybersecurity on the effectiveness of e-government systems. The study constructs were extracted from the human-organization-technology (HOT) theory and institutional theory. A total of 500 questionnaires were randomly distributed to information technology department staff members and e-government officials in Jordanian ministries. The resulting data were analyzed using a structural equation modeling approach. The findings indicate that technical measures, the role of senior management, coercive pressures, and memetic pressures are important drivers for enhanced cybersecurity levels in governmental organizations. The results also show that enhancing cybersecurity levels in organizations promote the effectiveness of e-government services. These conclusions offer researchers and practitioners insight as to the drivers of an enhanced cybersecurity and the importance of cybersecurity in e-government as a whole.

show abstract

An Augmented Cybersecurity Behavioral Research Model

Cited by 4 publications

References 6 publications

Exploring user behavioral data for adaptive cybersecurity

Exploring user behavioral data for adaptive cybersecurity

Does subnetting and port hardening influence human adversarial decisions? An investigation via a HackIT tool

Investigating the drivers of cybersecurity enhancement in public organizations: The case of Jordan

Contact Info

Product

Resources

About