
2020 | Book

Advances in Human Factors in Cybersecurity

AHFE 2020 Virtual Conference on Human Factors in Cybersecurity, July 16–20, 2020, USA


About this book

This book reports on the latest research and developments in the field of human factors in cybersecurity. It analyzes how the human vulnerabilities can be exploited by cybercriminals and proposes methods and tools to increase cybersecurity awareness. The chapters cover the social, economic and behavioral aspects of the cyberspace, providing a comprehensive perspective to manage cybersecurity risks.

By gathering the proceedings of the AHFE Virtual Conference on Human Factors Cybersecurity, held on July 16–20, 2020, this book offers a timely perspective of key psychological and organizational factors influencing cybersecurity, reporting on technical tools, training methods and personnel management strategies that should enable achieving a holistic cyber protection for both individuals and organizations. By combining concepts and methods of engineering, education, computer science and psychology, it offers an inspiring guide for researchers and professionals, as well as decision-makers, working at the interfaces of those fields.

Table of Contents

Frontmatter

Cognitive Factors, Personality and Decision Making

Frontmatter
Creative Manual Code Obfuscation as a Countermeasure Against Software Reverse Engineering
Abstract
Due to the relevance of IT security to industry, politics, and the public alike, research on IT-security-related issues is abundant. However, a lack of interdisciplinarity in this domain has led to a vast amount of detailed information on technical aspects of security on the one hand, and little to no insight into the psychological aspects of attacking, defending, or securely using technological systems on the other. This research effort aims to contribute to filling this gap by determining cognitive predictors of software reverse engineering as well as code obfuscation success and by describing and analyzing approaches and strategies IT specialists use when attacking or defending Java programs. Moreover, the relevance of adversarial reasoning in this domain is assessed. In an experimental design, participant pairs either receive an instruction into game theoretical concepts of adversarial reasoning or not, to then obfuscate Java code or reverse engineer clear and obfuscated code.
Salsabil Hamadache, Malte Elson
Cyberbullying Perceptions and Experiences in Diverse Youth
Abstract
We report results from a study that fills gaps in cyberbullying research regarding: 1) diverse youths’ cyberbullying perceptions and experiences, and 2) youths’ cyberbullying-related self-disclosure online. Our study surveyed the relationship between youths’ online self-disclosure practices and their cyberbullying experiences, finding a significant correlation between cyberbullying and the amount and type of information disclosed online. We also found racial differences in youths’ self-disclosure. Focus group discussions with LGBTQ+ youths explored these issues in more depth. We found distinctive perspectives about accountability, disclosure management, and witness-victim effects.
April Edwards, Lynne Edwards, Alec Martin
Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat
Abstract
This paper examines the modern history of ransomware and its evolution to the current form of large-scale ransomware attacks (ones that disrupt entire organizations). Within that timeframe, public reporting, articles, and news media reporting on large-scale ransomware attacks is reviewed to create an empirical analysis of ransom payments, conditions that led to those payments, and if data was ultimately recovered.
Three factors were discovered that lead organizations to pay the ransom when recovery is impossible or cost-prohibitive: the rise of cyberinsurance companies that dictate responses that lessen their financial exposure, many victim organizations that have to operate at all times, such as hospitals and emergency services, and the fiduciary duty of business executives to act in the best interest of a company. Lastly, we look at the concept of outlawing ransom payments and relate it to the policy of outlawing ransom payments in kidnapping.
John Christian Bambenek, Masooda Bashir
Does the Propensity to Take Risks Influence Human Interactions with Autonomous Systems?
Abstract
Technological development towards automation has been taking place for years and a wide range of autonomous systems (AS) have been introduced in homes and retailing spaces. Although these AS seem to be riskless, if they are exploited they can endanger private information of users, which opens a new stage for the security of AS. Humans have an initial and positive bias towards automation that might lead to errors related to unintentional actions or lack of actions. Therefore, the effective adoption of AS relies on users’ attitudes, like the propensity to take risks and the calibration of human trust to avoid situations of mistrust, over trust, and distrust, increasing the systems’ security. This study conducted an online questionnaire to investigate the relationship between an individual’s propensity to take risks and trust in automation. We found that participants with low risk seeking tendencies will trust more in AS when compared to high risk seeking participants. Moreover, other individual differences like age, gender, and education led to interesting results. Thus, our study provides valuable information about the human factors that mediate human and autonomous systems interactions and thereby influence trust.
Priscilla Ferronato, Masooda Bashir
The Impact of Fake News on the African-American Community
Abstract
An issue of increasing importance in the past few years has been what is generally referred to as “fake news”. Although there is considerable evidence of such deceptive communication over many centuries, the sheer difference in deception techniques of such communication in an electronic environment has allowed the perpetrators the ability to disguise it in many forms that could not be seen in communication vehicles as print or electronic media such as radio or television. Techniques developed in the context of storable electronic information have allowed fake news items to take on a wider variety of disguises. In addition, with the access to electronic information being available in recent years to a large percentage of the world’s population, the effect of such misleading information has had a much wider sphere of impact. As a consequence, many actors have developed sophisticated tools to convince even very diligent readers of the legitimacy of the false information purveyed. Many examples of this arose in the 2016 United States Presidential election. In particular, many items, supposedly from the Russian government, were aimed at reducing the African-American participation in that election. Our research attempted to assess the effectiveness of those attacks.
Wayne Patterson, Augustine Orgah, Suryadip Chakraborty, Cynthia E. Winston-Proctor

Cybersecurity Tools and Analytics

Frontmatter
Detecting Identity Deception in Online Context: A Practical Approach Based on Keystroke Dynamics
Abstract
Keystroke dynamics has been recently proved to be an effective behavioral measure to detect subjects who provide false demographic information in online contexts. However, current techniques still suffer from some limits that restrict their practical application, such as the use of errors as a key feature to train the lie detectors and the absence of normalized features. Here, an extension of a keystroke dynamics technique, which was recently proposed to detect faked identities, is reported with the goal to overcome these limitations. Using a Quadratic Discriminant Analysis an accuracy up to 92% in the identification of faked identities has been reached, even if errors were excluded from predictors and normalized features were included. The classification model performs similarly to those previously proposed, with a slightly lower accuracy (−3%) but overcoming their important practical limitations.
Matteo Cardaioli, Merylin Monaro, Giuseppe Sartori, Mauro Conti
An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited
Abstract
Humans continue to be considered the weakest link in securing systems. While there are a variety of sophisticated system attacks, phishing emails continue to be successful in gaining users' attention and leading to disastrous security consequences. In designing strategies to protect users from fraudulent phishing emails, system designers need to know which attack approaches and types of content seem to exploit human limitations and vulnerabilities. In this study, we focus on the attackers' footprints (emails) and examine phishing email content and characteristics utilizing publicly available phishing attack repository databases. We analyzed several variables to gain a better understanding of the techniques and language used in these emails to capture users' attention. Our findings reveal that the words primarily used in these emails target users' emotional tendencies and triggers to apply their attacks. In addition, attackers employ user-targeted words and subjects that exploit certain emotional triggers such as fear and anticipation. We believe our human-centered study and findings are a critical step forward towards improving detection and training programs to decrease phishing attacks and to promote the inclusion of human factors in securing systems.
Tanusree Sharma, Masooda Bashir
Generation of User Profiles in UNIX Scripts Applying Evolutionary Neural Networks
Abstract
Information is the most important asset for institutions, and thus ensuring optimal levels of security for both operations and users is essential. For this research, the Shell session history of nine users (0–8) who performed tasks using the UNIX operating system over a period of two years was investigated. The main objective was to generate a classification model of usage profiles to detect anomalous behaviors in the system for each user. As an initial task, the information was preprocessed, which generates user sessions \( S_{m}^{u} \), where u identifies the user and m the number of sessions user u has performed. Each session \( S_{m}^{u} \) contains a script execution sequence \( C_{n} \), that is \( S_{m}^{u} = \{C_{1}, C_{2}, C_{3}, \ldots, C_{n}\} \), where n is the position at which the command \( C_{n} \) was executed. Supervised and unsupervised data mining techniques and algorithms were applied to this data set, as well as voracious algorithms, such as the Greedy Stepwise algorithm, for attribute selection. Next, a Genetic Algorithm with a Neural Network model was trained on the set of sessions \( S_{m}^{u} \) to generate a unique behavior profile for each user. In this way, the anomalous or intrusive behaviors of each user were identified in a more approximate and efficient way during the execution of activities using the computer systems. The results obtained indicate an optimum pressure and an acceptable false positive rate.
Jairo Hidalgo, Cesar Guevara, Marco Yandún
Use Mouse Ballistic Movement for User Authentication Based on Hilbert-Huang Transform
Abstract
In order to explore the frequency-domain characteristics of mouse operation for user authentication, this paper collected experimental data on mouse ballistic movements of 10 participants on the AML website. The Hilbert-Huang transform was used to extract the frequency-domain information of 9 features, such as speed and acceleration during mouse movement, and to form a frequency-domain feature matrix. The Bagged-tree algorithm was used to build an authentication model. The method proposed in this paper obtained Precision = 90.25%, Recall = 88.20%. The results show that there are differences in the frequency-domain information when different users operate the mouse to complete the same task, which can be used for user authentication.
YiGong Zhang, ShiQuan Xiong, JiaJia Li, ShuPing Yi

Awareness, Training and Education

Frontmatter
Understanding and Enabling Tactical Situational Awareness in a Security Operations Center
Abstract
Cybersecurity operations are highly complex, requiring the coordination of specialized skills across multiple teams to successfully execute missions. Command and control within security operations centers is dominated by fragile mental models, demonstrating a need for systems that reinforce shared situational awareness across the organization. In this paper, we present the results of our research to: (1) define the needs associated with tactical cyber situational awareness; and (2) evaluate the usability and utility of a prototype tactical situational awareness dashboard. We found that incident tracking, tasking structure, execution timeline, and resource health constitute the essential aspects of tactical cyber situational awareness. Evaluations of prototypes suggest that three visualizations are well suited for conveying this information. We believe these results are generalizable and will enable the development of tactical situational awareness capabilities in Security Operations Centers across public and private enterprises.
Ryan Mullins, Ben Nargi, Adam Fouse
Cybersecurity Risks and Situation Awareness: Audit Committees’ Appraisal
Abstract
The issue of cybersecurity has become a challenge for companies and boards of directors. Cybersecurity is not only an IT topic, but a risk extended to all operations of the companies. Indeed, cybersecurity potentially has an impact on financial reporting quality, this attribution being one of the duties of audit committees. Using Endsley’s model, our exploratory study seeks to determine the levels of cyber situational awareness of audit committee members, how they comply with it and if this appraisal matches the steps identified within the model.
Stéphanie Thiéry, Didier Fass
Addressing Human Factors in the Design of Cyber Hygiene Self-assessment Tools
Abstract
As cybersecurity (CS) threats become more sophisticated and diversified, organizations are urged to constantly adopt and update measures for countering different types of attacks. Particularly, as novel techniques (e.g., social engineering and phishing) are aimed at leveraging individual users' vulnerabilities to attack and breach a larger system or an entire company, user awareness and behavior have become key factors in preventing adverse events, mitigating their damage, and responding appropriately. As a result, the concept of Cyber Hygiene (CH) is becoming increasingly relevant to address the risk associated with an individual's CS practices. Consequently, self-assessment tools are becoming more important for evaluating users' literacy, implementing measures (e.g., training), and studying the effectiveness of interventions. In this paper, we propose a framework for including human factors in the design of self-assessment tools and for accurately modeling the CH aspects that are the root cause of CS issues.
Jacob Esparza, Nicholas Caporusso, Angela Walters
Habituation: A Possible Mitigation of a Wicked Problem
Abstract
A construct for intentional habit formation is suggested as a possible mitigation to the disparity between user capability and systems requirements. The importance of usable security is well represented in early discussions ([3]; Sasse 2001). Twenty years after M. S. Ackerman [7] provided a significant discussion of the “gap” between what humans need and what computers can support, the “social-technical gap” in privacy and security management continues. Humans, for many reasons, cannot make good, consistent decisions regarding security. Current and foundational theoretical understandings of human limitations are outlined, in both an individual and social context. The difference between current systems and principles of interface and interaction design are highlighted. Finally, a possible ameliorating step is suggested. Specifically, a movement from reliance on human cognition and decision making to a reliance on habit formation.
Kirsten E. Richards
Developing Digital Awareness at School: A Fundamental Step for Cybersecurity Education
Abstract
The theme of cybersecurity regards people in primis, considering that everyone uses digital technologies both in professional and private life, and that people's behaviour plays an important role in the occurrence of cyberthreats. The human factor therefore has to be recognized as an essential element to be considered for developing effective cybersecurity, and education is the key driver. However, since children access online activities at an early age, it is wise to develop interventions to promote digital awareness from the first years at school, focusing on the responsible use of digital technologies. Becoming conscious of the risks they are exposed to is an important step for children to move safely on the Internet and to understand the different cyber-risks they have to face. This activity hence represents a fundamental step for cybersecurity education.
In this paper we present a study investigating Italian school teachers’ perception of their students’ digital awareness and their evaluation of the actions needed for its development. Answers were provided by 2,229 teachers from all over the country belonging to primary and secondary schools, participating in a national project whose goal is to spread computer science and to sensitize students to a proper use of digital technologies.
The results confirm the high sensitivity of teachers towards digital awareness issues. Indeed, students should be prepared to recognize risks when they use digital technologies: not only cyberbullying, they should pay more attention to the protection of their personal data, and to the reliability of news on social media. Moreover, teachers declare the need for themselves to receive specific training on digital awareness, and to be supported in their activities.
Isabella Corradini, Enrico Nardelli

Social, Economical and Behavioral Aspects of Cybersecurity

Frontmatter
Economic Prospect Theory Applied to Cybersecurity
Abstract
A growing concern in the cybersecurity community is the evaluation of the strengths of attacks and defenses regarding cyberattacks. One approach that has not been often explored is to estimate the strength of an attack or defense in economic terms. For example, estimation of the memory required for code used for an attack, or, equivalently, the computer time to execute an attack. We choose to express the costs in economic terms, and thus define the method of analyzing an important line of research known as "behavioral economics", pioneered by Kahneman and Tversky, translated into cybersecurity terms. In this way we attempt to determine a cybersecurity analog for well-known results in economic prospect theory to be able to estimate the costs of cyberattacks and defenses.
Wayne Patterson, Marton Gergely
Representing a Human-Centric Cyberspace
Abstract
There is a lack of consensus when using the term "cyberspace" [1]. Computers and network devices are prominent in definitions of cyberspace; less common is the essential inclusion of human users. However, the human user is both implicitly integral to and actively part of the cyberspace.
Cyberspace is often conceptualized as three layers of interconnected networks: social, information and geospatial (physical) [2]. These represent an indirect human element within cyberspace. This is characteristic of related fields, such as cybersecurity, where human-centered research has been lagging behind technological aspects. A model that incorporates the human user in cyberspace is needed to direct future research and improve security and usability (navigation).
A new human-centric model of cyberspace is proposed (the HCCM), with the user as a physical and integral entity, together with recognition of the cognitive representation of cyberspace. It focuses on boundaries and transformation points between objects and spaces and offers a platform for future human-centric research in cybersecurity.
Phoebe M. Asquith, Phillip L. Morgan
Trust in News and Information in Social Media
Abstract
Social media have significantly changed news consumption. Social media enable users to share anything through a single click on the screen and make it easy to spread different kinds of information from the news article to the social network. Little effort is made to validate the authenticity of the information and how the social circle is influenced by such news. In this study, we attempt to analyze how much people get the news from social media and whether they check the authenticity of the news.
The study includes two parts: a pilot study to observe the people’s actual behavior with news posting on social media and a survey.
The survey is designed to collect quantitative data with an online survey. The survey has been administered to students from a public university in Silicon Valley, California, in 2020. This paper summarizes the finding and analysis of the results.
Abbas Moallem
Is Data Protection a Relevant Indicator for Measuring Corporate Reputation?
Abstract
Over the last few years the importance of reputation has grown both for individuals and organizations, especially because of the Internet and social media platforms. Considering the value of data and information, corporate reputation also passes through companies’ ability to protect sensitive customers’ data. When compromised, after a cyberattack or a data breach, one of the most important risks for a company is the loss of customers’ trust and the negative impact for future business. Therefore, privacy and security data should be considered as a priority for organizations to safeguard trust and business. In literature, models measuring reputation consider several dimensions, such as leadership, vision, corporate social responsibility, emotional attractiveness. In this paper we analyse the relationship between cyber-threats and reputation and, on the basis of models available in literature, we discuss the possibility of including data protection among indicators for measuring corporate reputation.
Isabella Corradini, Enrico Nardelli
Backmatter
Metadata
Title
Advances in Human Factors in Cybersecurity
Editors
Isabella Corradini
Prof. Enrico Nardelli
Dr. Tareq Ahram
Copyright Year
2020
Electronic ISBN
978-3-030-52581-1
Print ISBN
978-3-030-52580-4
DOI
https://doi.org/10.1007/978-3-030-52581-1