SBES TWC: Phase: Small: Protecting the Bazaar: The Ecology of Cybersecurity in Weakly Fortified Networks

SBES TWC：阶段：小型：保护集市：弱防御网络中的网络安全生态

• 批准号: 1223634
• 负责人: David Maimon
• 金额: $ 64.78万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1223634&HistoricalAwards=false
• 关键词: SBES; TWC; Phase; Small; Protecting

While policy interest and empirical research on cyber attacks have both increased substantially in recent years, very little attention has been focused on the local ecology of actively operating computer networks. In the research proposed we focus on a bazaar computing environment (i.e. weakly fortified computer networks where a wide variety of users engage in a range of activities with minimal security in largely unregulated settings) and seek to answer three broad research questions: (1) can users within bazaar environments be educated to engage in less risky on-line behavior? (2) can hackers within bazaar environments be deterred through available options? and (3) if users can be educated and hackers can be deterred what is the optimal environment in which IT management can maximize education of users and deterrence of hackers within weakly fortified environments? The proposed research represents a collaboration between criminologists, psychologists, and computer security experts and will evaluate criminological theories within cyberspace using, in addition to survey data and experimental design, detailed network and target computer data drawn from the real time operation of an organization network. Intellectual Merit A major goal of this project is to move toward a new integrated social science perspective on cybercrime. The pathway to such integration is through the social ecology of a local computing environment. The research proposed here, which simultaneously examines the characteristics of users-victims, offenders-hackers and the computing environment where they interact, will provide a rare opportunity to integrate these situational components. In addition to providing new insights into criminology theory, the proposed research will provide detailed information on the interaction of hackers and users within the context of a weakly fortified computing environment.Broader Impact We believe that our ecological approach to cyber security will offer useful insights for ways of improving online security by identifying those system configurations that discourage victim behaviors that are especially likely to result in attacks and deter attackers from malicious activities. Bringing information together from potential victims and offenders within the world of an operating computer environment will allow the development of more efficient safety programs and strategies and has the potential to increase the security of computer systems and strengthen users' confidence and trust in their systems and the cyber environment more generally.

虽然近年来对网络攻击的政策兴趣和实证研究都大幅增加，但很少有人关注积极运行计算机网络的本地生态。 在提出的研究中，我们专注于一个集市计算环境（即弱强化的计算机网络，各种各样的用户从事一系列活动，在很大程度上不受管制的设置最低限度的安全性），并寻求回答三个广泛的研究问题：（1）可以在集市环境中的用户进行教育，从事风险较低的在线行为？ (2)集市环境中的黑客是否可以通过现有的选择加以阻止？以及（3）如果可以教育用户并可以阻止黑客，那么什么是最佳环境，在这种环境中，IT管理可以在弱防御环境中最大限度地教育用户并阻止黑客？ 拟议的研究代表了犯罪学家，心理学家和计算机安全专家之间的合作，并将评估犯罪学理论在网络空间内使用，除了调查数据和实验设计，详细的网络和目标计算机数据从真实的时间操作的组织网络。该项目的一个主要目标是朝着一个新的综合社会科学的角度对网络犯罪。这种集成的途径是通过本地计算环境的社会生态。这里提出的研究，同时检查用户的受害者，罪犯，黑客和他们互动的计算环境的特点，将提供一个难得的机会，整合这些情况下的组件。 除了为犯罪学理论提供新的见解，更广泛的影响我们相信，我们对网络安全的生态学方法将通过识别那些阻止受害者行为的系统配置，为改善在线安全的方法提供有用的见解，这些行为特别可能导致并阻止攻击者进行恶意活动。 将潜在受害者和犯罪者的信息汇集在计算机操作环境的世界中，将有助于制定更有效的安全方案和战略，并有可能提高计算机系统的安全性，增强用户对其系统和更广泛的网络环境的信心和信任。