Human-Centric Cybersecurity

以人为本的网络安全

• 批准号: RGPIN-2020-04121
• 负责人: Ghorbani, Aliakbar
• 金额: $ 2.99万
• 依托单位: University of New Brunswick
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2020
• 资助国家: 加拿大
• 起止时间: 2020-01-01 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=714953
• 关键词: Human; Centric; Cybersecurity

Over 90% of all cyber incidents are human enabled. Emails, external websites, and Internet activities are the most challenging end-user applications to secure against attacks such as Denial-of-Service, website defacement, access to sensitive information, and attacks on critical infrastructure, but they cover more than 80% of end-users' daily work activities. Current research focuses are on keeping devices and data secure, but fails to characterize and prioritize the user experience/role as a critical factor in understanding trending cyber-attacks and building new security solutions. Generally speaking, users are becoming ever weaker links in the security chain, making user risk profiling increasingly important and highly useful for vulnerability assessment and risk analysis. The long-term objectives of this research program are: 1) enabling the development of cybersecurity solutions by focusing on human-oriented issues and problems as the most significant vulnerabilities in cyber operations, especially where the current security solutions fail to protect organizations from cyber-attacks; 2) investigating the role of individuals in understanding trending cyber-attacks, managing risks, attributing cyber threats, and building intelligence-driven cybersecurity solutions; and, 3) developing intelligence-driven cybersecurity solutions that will support complex user behaviour and the corresponding threat landscape using data-intensive analytics and user behaviour analysis. The short-term objective is to develop methodologies and techniques for creating an integrated user profiling and cyber attribution framework consisting of 1) a comprehensive data collection and content maintenance framework; 2) user, content and context-based features extraction and contents classification techniques; 3) dynamic user models for capturing user's security-related usage activities, preferences, and baseline behaviour; 4) user behaviour monitoring algorithms to estimate the security-related intent of a user; and 5) a cyber attribution model. The proposed program will explore the development and evolution of human behaviour-centred cybersecurity from the perspectives of 1) Threat profiling by developing an advanced cyber threat intelligence platform for threat derivation, characterization, modelling evolution, and evaluation, and understanding of the nature and complexity of new and emerging cyber threats; 2) Attacker profiling through malicious and risk analysis, malware authors' emergent behaviour, and threat detection; 3) Target profiling through vulnerability analysis; and, 4) Random user profiling through trust and reputation analysis. We will build the profiles for the above objectives in three environments: 1) Work environment: the user is an employee at a private/public organization; 2) Daily environment: a random Internet user or online visitor; and 3) Smart environment: the user works/lives in a smart environment (smart home, smart city, etc.).

超过90%的网络事件都是人为的。电子邮件、外部网站和互联网活动是最具挑战性的最终用户应用程序，需要确保其免受拒绝服务、网站毁损、访问敏感信息和对关键基础设施的攻击等攻击，但它们覆盖了最终用户80%以上的日常工作活动。目前的研究重点是确保设备和数据的安全，但未能将用户体验/角色作为了解网络攻击趋势和构建新的安全解决方案的关键因素来表征和区分优先顺序。总体而言，用户在安全链中变得越来越薄弱，这使得用户风险分析变得越来越重要，对于漏洞评估和风险分析非常有用。 这项研究计划的长期目标是： 1)通过将以人为本的问题和问题作为网络行动中最重大的弱点，特别是在目前的安全解决方案未能保护组织免受网络攻击的情况下，促进制定网络安全解决方案； 2)调查个人在了解网络攻击趋势、管理风险、确定网络威胁的归属和建立情报驱动的网络安全解决方案方面的作用；以及 3)开发情报驱动的网络安全解决方案，利用数据密集型分析和用户行为分析支持复杂的用户行为和相应的威胁格局。 短期目标是开发用于创建综合用户概况和网络属性框架的方法和技术，该框架包括1)全面的数据收集和内容维护框架；2)基于用户、内容和上下文的特征提取和内容分类技术；3)动态用户模型，用于捕获用户与安全相关的使用活动、偏好和基线行为；4)用户行为监控算法，以估计用户与安全相关的意图；以及5)网络属性模型。 该计划将从以下几个角度探讨以人类行为为中心的网络安全的发展和演变：1)通过开发先进的网络威胁情报平台进行威胁分析，以获得威胁、表征、模型演变和评估，以及了解新出现的网络威胁的性质和复杂性；2)通过恶意和风险分析、恶意软件作者的紧急行为和威胁检测来分析攻击者；3)通过漏洞分析来分析目标；以及4)通过信任和声誉分析来进行随机用户分析。 我们将在三个环境中为上述目标构建配置文件： 1)工作环境：用户为私人/公共机构的员工； 2)日常环境：随机的互联网用户或在线访问者； 3)智能环境：用户在智能环境(智能家居、智能城市等)中工作/生活。