Human-Centric Cybersecurity

以人为本的网络安全

• 批准号: RGPIN-2020-04121
• 负责人: Ghorbani, Aliakbar
• 金额: $ 2.99万
• 依托单位: University of New Brunswick
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=746472
• 关键词: Human; Centric; Cybersecurity

Over 90% of all cyber incidents are human enabled. Emails, external websites, and Internet activities are the most challenging end-user applications to secure against attacks such as Denial-of-Service, website defacement, access to sensitive information, and attacks on critical infrastructure, but they cover more than 80% of end-users' daily work activities. Current research focuses are on keeping devices and data secure, but fails to characterize and prioritize the user experience/role as a critical factor in understanding trending cyber-attacks and building new security solutions. Generally speaking, users are becoming ever weaker links in the security chain, making user risk profiling increasingly important and highly useful for vulnerability assessment and risk analysis. The long-term objectives of this research program are: 1)enabling the development of cybersecurity solutions by focusing on human-oriented issues and problems as the most significant vulnerabilities in cyber operations, especially where the current security solutions fail to protect organizations from cyber-attacks; 2) investigating the role of individuals in understanding trending cyber-attacks, managing risks, attributing cyber threats, and building intelligence-driven cybersecurity solutions; and, 3)developing intelligence-driven cybersecurity solutions that will support complex user behaviour and the corresponding threat landscape using data-intensive analytics and user behaviour analysis. The short-term objective is to develop methodologies and techniques for creating an integrated user profiling and cyber attribution framework consisting of 1) a comprehensive data collection and content maintenance framework; 2) user, content and context-based features extraction and contents classification techniques; 3) dynamic user models for capturing user's security-related usage activities, preferences, and baseline behaviour; 4) user behaviour monitoring algorithms to estimate the security-related intent of a user; and 5) a cyber attribution model. The proposed program will explore the development and evolution of human behaviour-centred cybersecurity from the perspectives of 1) Threat profiling by developing an advanced cyber threat intelligence platform for threat derivation, characterization, modelling evolution, and evaluation, and understanding of the nature and complexity of new and emerging cyber threats; 2) Attacker profiling through malicious and risk analysis, malware authors' emergent behaviour, and threat detection; 3) Target profiling through vulnerability analysis; and, 4) Random user profiling through trust and reputation analysis. We will build the profiles for the above objectives in three environments: 1) Work environment: the user is an employee at a private/public organization; 2) Daily environment: a random Internet user or online visitor; and 3) Smart environment: the user works/lives in a smart environment (smart home, smart city, etc.).

超过90%的网络事件都是人为造成的。电子邮件、外部网站和互联网活动是最具挑战性的最终用户应用程序，需要保护其免受拒绝服务、网站篡改、敏感信息访问和关键基础设施攻击等攻击，但它们覆盖了最终用户80%以上的日常工作活动。目前的研究重点是保持设备和数据的安全性，但未能将用户体验/角色作为理解网络攻击趋势和构建新安全解决方案的关键因素进行表征和优先考虑。一般来说，用户正成为安全链中越来越薄弱的环节，使得用户风险分析对于脆弱性评估和风险分析越来越重要和非常有用。该研究计划的长期目标是：1）通过关注以人为本的问题和网络操作中最重要的漏洞，特别是当前的安全解决方案无法保护组织免受网络攻击的问题，从而开发网络安全解决方案; 2）调查个人在理解网络攻击趋势、管理风险、归因于网络威胁方面的作用，和建立情报驱动的网络安全解决方案;以及，3）开发情报驱动的网络安全解决方案，使用数据密集型分析和用户行为分析来支持复杂的用户行为和相应的威胁形势。短期目标是发展方法和技术，以建立一个综合的用户分析和网络属性框架，包括：1）一个全面的数据收集和内容维护框架; 2）基于用户、内容和上下文的特征提取和内容分类技术; 3）动态用户模型，用于捕获用户与安全有关的使用活动、偏好和基线行为; 4）用户行为监测算法，以估计用户的安全相关意图;以及5）网络归因模型。 拟议的计划将从以下角度探索以人类行为为中心的网络安全的发展和演变：1）通过开发先进的网络威胁情报平台进行威胁推导，表征，建模演变和评估，并了解新的和新兴的网络威胁的性质和复杂性，进行威胁分析; 2）通过恶意和风险分析、恶意软件作者的紧急行为和威胁检测进行攻击者分析; 3）通过漏洞分析进行目标分析;以及4）通过信任和声誉分析进行随机用户分析。 我们将在三种环境中构建上述目标的配置文件：1）工作环境：用户是私人/公共组织的员工; 2）日常环境：随机互联网用户或在线访问者;以及3）智能环境：用户在智能环境（智能家居，智能城市等）中工作/生活。