The project will investigate human factors in network security. The security of network systems relies on proper protection from not only known vulnerabilities, but also new vulnerabilities resulting from unexpected human behavior. The project will directly address a user's situational behavior and its consequence on network security. It engages in the challenges of modeling decision-making process and integrating it in the human-network interaction. If the user's behavior can be predicted and its impact on network vulnerability can be estimated, the network manager can effectively close vulnerabilities and avoid grave security breaches. This will change the view of a network as a static infrastructure and security holes as design flaws of the infrastructure, and it will regard humans as an integral factor in network security. The project involves theoretical and experimental study from behavioral science and research methodology from computer science and statistics in modeling the decision-making process. It uses the model to predict user behavior when the user's psychological state and network variables have changed, which would greatly assist the network manager to attain an up-to-date assessment of network vulnerability. The work includes three thrusts: 1) a theoretical framework for studying human cyber behavior, 2) experimental study on human subjects in a cyber environment, and 3) comprehensive human-network system-level vulnerability analysis. The major outcome of this project is an integrated framework to include human factors in network vulnerability analysis.
EAGER: Factoring User Behavior into Network Security Analysis