Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory - January 2023
PI(s), Co-PI(s), Researchers:
Lorrie Cranor, Nicolas Christin
Researchers: Sarah Pearman, Jeremy Thomas
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
The Security Behavior Observatory addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild". This data is the closest to the ground truth of the users' everyday security and privacy challenges that the research community has ever collected. We expect the insights discovered by analyzing this data will profoundly impact multiple research domains, including but not limited to behavioral sciences, computer security & privacy, economics, and human-computer interaction.
PUBLICATIONS
N/A this quarter
PUBLIC ACCOMPLISHMENT HIGHLIGHTS
The SBO addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild."
Paper Submitted: Accurate and Generalizable Behavior-Based Models for Predicting User Exposure to Malicious Websites. Kyle Crichton, Jin-Dong Dong, Akira Yamada, Yukiko Sawaya, Lorrie Cranor, and Nicolas Christin. Submitted to USENIX Security 2023.
- This project first evaluates a previously created algorithm using the SBO dataset and an external dataset as comparison points. Our findings validate the initial results.
- We then improve upon these methods by employing a new sequential representation of user browsing, rather than the aggregate session metrics, to better capture browsing data.
- Using this new data structure along with a Long Short-Term Memory (LSTM) prediction model, we achieve a substantial increase in predictive accuracy (AUC score of 0.994), reaching a level that could make the approach viable in a number of real-world security use cases.
- These improvements are reproducible across two disparate datasets, one of home computer users in the United States (SBO) and another of computer users in Japan.
- Additional features present in the SBO dataset are tested to compare the predictive ability of models deployed in the user's browser with that of models deployed on the network, but only minor differences are observed.
COMMUNITY ENGAGEMENTS
EDUCATIONAL ADVANCES (If Applicable)