EAGER: Factoring User Behavior into Network Security Analysis

EAGER：将用户行为纳入网络安全分析

• 批准号: 1665235
• 负责人: Maggie Cheng
• 金额: $ 20.56万
• 依托单位: New Jersey Institute of Technology
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-10-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1665235&HistoricalAwards=false
• 关键词: EAGER; Factoring; User; Behavior; into

The project will investigate human factors in network security. The security of network systems relies on proper protection from not only known vulnerabilities, but also new vulnerabilities resulting from unexpected human behavior. The project will directly address a user's situational behavior and its consequence on network security. It engages in the challenges of modeling decision-making process and integrating it in the human-network interaction. If the user's behavior can be predicted and its impact on network vulnerability can be estimated, the network manager can effectively close vulnerabilities and avoid grave security breaches. This will change the view of a network as a static infrastructure and security holes as design flaws of the infrastructure, and it will regard humans as an integral factor in network security.The project involves theoretical and experimental study from behavioral science and research methodology from computer science and statistics in modeling the decision-making process. It uses the model to predict user behavior when the user's psychological state and network variables have changed, which would greatly assist the network manager to attain an up-to-date assessment of network vulnerability. The work includes three thrusts: 1) a theoretical framework for studying human cyber behavior, 2) experimental study on human subjects in a cyber environment, and 3) comprehensive human-network system-level vulnerability analysis. The major outcome of this project is an integrated framework to include human factors in network vulnerability analysis.

该项目将调查网络安全中的人为因素。网络系统的安全性不仅依赖于对已知漏洞的适当保护，还依赖于对意外人类行为导致的新漏洞的适当保护。该项目将直接解决用户的情境行为及其对网络安全的影响。它致力于对决策过程进行建模并将其集成到人际网络交互中。如果能够预测用户的行为并估计其对网络漏洞的影响，网络管理者就可以有效地关闭漏洞，避免严重的安全漏洞。 这将改变以往把网络看作是静态基础设施、把安全漏洞看作是基础设施的设计缺陷的看法，把人看作是网络安全的一个不可或缺的因素。该项目涉及行为科学的理论和实验研究以及计算机科学和统计学的研究方法，对决策过程进行建模。当用户的心理状态和网络变量发生变化时，它使用该模型来预测用户的行为，这将极大地帮助网络管理员获得最新的网络脆弱性评估。 这项工作包括三个方面：1）研究人类网络行为的理论框架，2）在网络环境中对人类主体的实验研究，3）全面的人-网络系统级脆弱性分析。该项目的主要成果是一个综合框架，将人为因素纳入网络脆弱性分析。