COMMANDO-HUMANS: COMputational Modelling and Automatic Non-intrusive Detection Of HUMan behAviour based iNSecurity
COMMANDO-HUMANS:基于 iNSecurity 的人类行为的计算建模和自动非侵入式检测
基本信息
- 批准号:EP/N020111/1
- 负责人:
- 金额:$ 26.52万
- 依托单位:
- 依托单位国家:英国
- 项目类别:Research Grant
- 财政年份:2016
- 资助国家:英国
- 起止时间:2016 至 无数据
- 项目状态:已结题
- 来源:
- 关键词:
项目摘要
This project addresses mainly the Human Factors challenge of the joint Singapore-UK call, and it has an interdisciplinary team with expertise in cyber security, cognitive psychology, and human-computer interface (HCI). It aims at producing direct evidence that human behaviour related insecurity can be detected automatically by applying human cognitive models to model and simulate humans involved in security systems. A key outcome of the project will be a working software system that can be used for this purpose by researchers and practitioners. The project will focus on human user authentication systems as a representative use case and will produce new knowledge on the role of human behaviours in such systems and security systems in general. Both the software framework and new knowledge on human behaviours can also help address other challenges of the call (e.g., detection of intruders/extremists requires knowledge on how they behave; protection of user privacy require knowledge on how human users handle personal data; policy makers need to understand behaviours of their organisations' employees and human attackers targeting their organisations to make more informed decisions).It has been well known that human factors are a very important aspect of cyber security, as recognised by governments all over the world e.g., in the UK Cyber Security Strategy (2011), in Singapore's National Cyber Security Masterplan 2018 (2013), and in the US Federal Cybersecurity Research and Development Strategic Plan (2011). Human related insecurity is often related to intended or unintentional (maybe subconscious) insecure human behaviours. To conduct research on human behaviours (in cyber security, HCI, psychology and other related fields), researchers normally depend on involvement of real human users via surveys, interviews, simulated scenarios, observations of real cases, interactive games, or other specially designed user studies. Such approaches are often time-consuming and costly, and suffer from other issues like limited and/or biased samples, questionable ecological validity, difficulties in reproducing results, and impossibility of running some studies due to ethical/privacy/legal concerns.This project aims at developing the first (to the best our knowledge) general-purpose computational framework and supporting software tools that will enable automatic detection of human behaviour related insecurity at the HCI level without the need to involve real human users. The framework will be built on computational models of human cognitive processes, HCIs, human behaviour related attacks and (in)security measures. The framework will be non-intrusive: instead of evaluating the running system itself, the framework will evaluate an abstract executable model of the system and humans involved. Removing real human users from the process allows faster and more objective inspection of potential insecurity of a given security system. The automated process can still be combined with traditional user studies to make better use of limited resources in automatically detecting potential insecurity problems deserving further manual analysis.The framework and software tools developed will be of great value for cyber security researchers, security system designers/developers and security industry to deliver securer systems to end users. As a natural byproduct, they will also allow easier evaluation of usability of security and non-security related computer systems with an HCI. As we mentioned above in this summary, people having concerns on other challenges of the call can benefit from the project's outcomes as well.In this project we will focus mainly on HCI-level ("micro") human behaviours, but possible extensions to higher-level ("macro") behaviours (e.g., how human users adapt their behaviours over time via rehearsals and learning) will be looked at as well to pave the way for our future research.
该项目主要解决新加坡-英国联合呼吁的人为因素挑战,它拥有一个在网络安全,认知心理学和人机界面(HCI)方面具有专业知识的跨学科团队。它的目的是产生直接的证据表明,人类行为相关的不安全可以通过应用人类认知模型来建模和模拟参与安全系统的人类来自动检测。该项目的一个关键成果将是一个可供研究人员和从业人员用于这一目的的工作软件系统。该项目将把人类用户认证系统作为一个代表性用例,并将产生关于人类行为在此类系统和一般安全系统中的作用的新知识。软件框架和关于人类行为的新知识也可以帮助解决呼叫的其他挑战(例如,检测入侵者/极端分子需要了解他们的行为方式;保护用户隐私需要了解人类用户如何处理个人数据;政策制定者需要了解其组织的员工和针对其组织的人类攻击者的行为,以做出更明智的决策)。众所周知,人为因素是网络安全的一个非常重要的方面,如世界各国政府所承认的,英国网络安全战略(2011年)、新加坡2018年国家网络安全总体规划(2013年)和美国联邦网络安全研究与发展战略计划(2011年)。与人类相关的不安全感通常与有意或无意(可能是潜意识)的不安全人类行为有关。为了对人类行为进行研究(在网络安全,人机交互,心理学和其他相关领域),研究人员通常依赖于通过调查,访谈,模拟场景,观察真实的案例,互动游戏或其他专门设计的用户研究来参与真实的人类用户。这些方法通常耗时且昂贵,并且存在其他问题,如有限和/或有偏见的样本,可疑的生态有效性,难以重现结果,由于伦理/隐私/法律的考虑,不可能进行一些研究。本项目旨在开发第一个(据我们所知)一般-目的计算框架和支持软件工具,其将使得能够在HCI级别自动检测人类行为相关的不安全性,而不需要涉及真实的人类用户。该框架将建立在人类认知过程、人机交互、人类行为相关攻击和安全措施的计算模型基础上。该框架将是非侵入性的:而不是评估运行的系统本身,该框架将评估系统的抽象可执行模型和所涉及的人。从过程中移除真实的人类用户允许对给定安全系统的潜在不安全性进行更快和更客观的检查。自动化过程仍然可以与传统的用户研究相结合,以更好地利用有限的资源,自动检测潜在的不安全问题,需要进一步的人工分析。开发的框架和软件工具将对网络安全研究人员,安全系统设计师/开发人员和安全行业提供更安全的系统给最终用户具有重要价值。作为一个自然的副产品,它们也将允许更容易地评估安全和非安全相关的计算机系统与HCI的可用性。正如我们在本摘要中提到的,对呼叫的其他挑战有顾虑的人也可以从项目的成果中受益。在这个项目中,我们将主要关注HCI级别(“微观”)的人类行为,但可能扩展到更高级别(“宏观”)的行为(例如,人类用户如何通过排练和学习随着时间的推移适应他们的行为)也将被视为为我们未来的研究铺平道路。
项目成果
期刊论文数量(9)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
Making a good thing better: enhancing password/PIN-based user authentication with smartwatch
- DOI:10.1186/s42400-018-0009-4
- 发表时间:2018-08
- 期刊:
- 影响因子:3.1
- 作者:Bing Chang;Yingjiu Li;Qiongxiao Wang;W. Zhu;R. Deng
- 通讯作者:Bing Chang;Yingjiu Li;Qiongxiao Wang;W. Zhu;R. Deng
When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks
- DOI:10.1016/j.cose.2018.09.003
- 发表时间:2018-10
- 期刊:
- 影响因子:0
- 作者:Ximing Liu;Yingjiu Li;R. Deng;Bing Chang;Shujun Li
- 通讯作者:Ximing Liu;Yingjiu Li;R. Deng;Bing Chang;Shujun Li
Human-Generated and Machine-Generated Ratings of Password Strength: What Do Users Trust More?
- DOI:10.4108/eai.13-7-2018.162797
- 发表时间:2019-08
- 期刊:
- 影响因子:0
- 作者:S. Alqahtani;Shujun Li;Haiyue Yuan;P. Rusconi
- 通讯作者:S. Alqahtani;Shujun Li;Haiyue Yuan;P. Rusconi
Data-driven multimedia forensics and security
数据驱动的多媒体取证和安全
- DOI:10.1016/j.jvcir.2018.06.023
- 发表时间:2018
- 期刊:
- 影响因子:2.6
- 作者:Rocha A
- 通讯作者:Rocha A
2nd International Workshop on Multimedia Privacy and Security
第二届多媒体隐私与安全国际研讨会
- DOI:10.1145/3243734.3243876
- 发表时间:2018
- 期刊:
- 影响因子:0
- 作者:Hallman R
- 通讯作者:Hallman R
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Shujun Li其他文献
Cognitive Approaches to Human Computer Interaction
人机交互的认知方法
- DOI:
- 发表时间:
2020 - 期刊:
- 影响因子:0
- 作者:
Haiyue Yuan;Shujun Li;P. Rusconi - 通讯作者:
P. Rusconi
Enhanced perceptual image authentication with tamper localization and self-restoration
通过篡改定位和自我恢复增强感知图像认证
- DOI:
10.1109/icme.2014.6890128 - 发表时间:
2014 - 期刊:
- 影响因子:0
- 作者:
Fang Liu;Hui Wang;Lee;A. Ho;Shujun Li - 通讯作者:
Shujun Li
Influence of Manufacturing Parameters on the Properties of Electron Beam Melted Ti-Ni Alloy
制造参数对电子束熔炼钛镍合金性能的影响
- DOI:
10.11900/0412.1961.2019.00410 - 发表时间:
2020 - 期刊:
- 影响因子:0
- 作者:
Dechun Ren;Huibo Zhang;Xiaodong Zhao;Fuyu Wang;W. Hou;Shaogang Wang;Shujun Li;Jin Wei;Rui Yang - 通讯作者:
Rui Yang
Targeted inhibition of miR-221/222 promoted cell sensitivity to cisplatin in triple negative breast cancer
靶向抑制 miR-221/222 促进三阴性乳腺癌细胞对顺铂的敏感性
- DOI:
- 发表时间:
- 期刊:
- 影响因子:3.7
- 作者:
Shujun Li;Qun Li;Jinhui Lü;Qian Zhao;Danni Li;Lei Shen;Zhongyue Wang;Junjun Liu;Dongping Xie;William C. Cho;Shaohua Xu;Zuoren Yu - 通讯作者:
Zuoren Yu
Highly Efficient Reduction of Carbon Dioxide with a Borane Catalyzed by Bis(phosphinite) Pincer Ligated Palladium Thiolate Complexes
双(次亚膦酸酯)钳连接的硫醇钯配合物催化硼烷高效还原二氧化碳
- DOI:
10.1039/c6cc07987c - 发表时间:
2016 - 期刊:
- 影响因子:4.9
- 作者:
Qiang-Qiang Ma;Ting Liu;Shujun Li;Jie Zhang;Xuenian Chen;Hairong Guan - 通讯作者:
Hairong Guan
Shujun Li的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('Shujun Li', 18)}}的其他基金
PRIvacy-aware personal data management and Value Enhancement for Leisure Travellers (PriVELT)
注重隐私的个人数据管理和休闲旅行者的价值提升 (PriVELT)
- 批准号:
EP/R033749/1 - 财政年份:2018
- 资助金额:
$ 26.52万 - 项目类别:
Research Grant
Academic Centre of Excellence in Cyber Security Research - University of Kent
网络安全研究卓越学术中心 - 肯特大学
- 批准号:
EP/S018964/1 - 财政年份:2018
- 资助金额:
$ 26.52万 - 项目类别:
Research Grant
ACCEPT: Addressing Cybersecurity and Cybercrime via a co-Evolutionary aPproach to reducing human-relaTed risks
接受:通过共同进化方法解决网络安全和网络犯罪问题,以减少与人类相关的风险
- 批准号:
EP/P011896/1 - 财政年份:2017
- 资助金额:
$ 26.52万 - 项目类别:
Research Grant
ACCEPT: Addressing Cybersecurity and Cybercrime via a co-Evolutionary aPproach to reducing human-relaTed risks
接受:通过共同进化方法解决网络安全和网络犯罪问题,以减少与人类相关的风险
- 批准号:
EP/P011896/2 - 财政年份:2017
- 资助金额:
$ 26.52万 - 项目类别:
Research Grant
相似海外基金
The computational and neural mechanisms linking decision-making and memory in humans
连接人类决策和记忆的计算和神经机制
- 批准号:
10808667 - 财政年份:2023
- 资助金额:
$ 26.52万 - 项目类别:
CRII: CHS: RUI: Computational models of humans for studying and improving Human-AI interaction
CRII:CHS:RUI:用于研究和改善人机交互的人类计算模型
- 批准号:
2218226 - 财政年份:2022
- 资助金额:
$ 26.52万 - 项目类别:
Standard Grant
Computational Models of Humans
人类的计算模型
- 批准号:
RGPIN-2017-04604 - 财政年份:2021
- 资助金额:
$ 26.52万 - 项目类别:
Discovery Grants Program - Individual
Computational and electrochemical substrates of social decision-making in humans
人类社会决策的计算和电化学基础
- 批准号:
10059060 - 财政年份:2020
- 资助金额:
$ 26.52万 - 项目类别:
Development and validation of a computational model of higher-order statistical learning on graphs in humans
人类图高阶统计学习计算模型的开发和验证
- 批准号:
10059133 - 财政年份:2020
- 资助金额:
$ 26.52万 - 项目类别:
Computational and electrochemical substrates of social decision-making in humans
人类社会决策的计算和电化学基础
- 批准号:
10428547 - 财政年份:2020
- 资助金额:
$ 26.52万 - 项目类别:
Computational and electrochemical substrates of social decision-making in humans
人类社会决策的计算和电化学基础
- 批准号:
10640947 - 财政年份:2020
- 资助金额:
$ 26.52万 - 项目类别:
Computational and electrochemical substrates of social decision-making in humans
人类社会决策的计算和电化学基础
- 批准号:
10227238 - 财政年份:2020
- 资助金额:
$ 26.52万 - 项目类别:
Computational Models of Humans
人类的计算模型
- 批准号:
RGPIN-2017-04604 - 财政年份:2020
- 资助金额:
$ 26.52万 - 项目类别:
Discovery Grants Program - Individual
Computational Models of Humans
人类的计算模型
- 批准号:
RGPIN-2017-04604 - 财政年份:2019
- 资助金额:
$ 26.52万 - 项目类别:
Discovery Grants Program - Individual