Abstract
Cybersecurity focuses on technological solutions, skills, and setup. Nevertheless, advanced cyber attacks include aspects of social engineering and exploit the weaknesses of an individual. Advanced persistent threat actors are invisible. Therefore, after harvesting large amounts of publicly available data, they have ample time to stage a possible attack and choose a victim as the weakest link. On social media, people tend to disclose personal information in implicit and explicit ways. User profiles and "What is on your mind" messages on the social network can contain sensitive and private data, e.g. location, address, and birth date. In addition, user comments, Likes, and shared photos can be used to determine the user’s personality during a personality trait analysis. Habits, interests, locations, and exposed loved ones are vulnerabilities that can be exploited during a cyber attack. Comprehensive image analysis and the application of state-of-the-art recognition techniques could be used to analyse shared photos of the individual, assume specific weaknesses, and predict behaviour-related features.
The work aims to build a formal ontology-based model for cybersecurity risk assessment that considers digital human characteristics. A multi-layered architecture solution was built as a proof of concept to maintain a set of artificial intelligence algorithms and specially developed questionnaires for data gathering and processing. The prototype enabled us to organise a small-scale experiment to validate trait analysis methods. It also opened further research directions.
Acknowledgements
This work was partially supported by the project Advancing Human Performance in Cybersecurity, ADVANCES. ADVANCES is funded by Iceland, Liechtenstein and Norway through the EEA Grants.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Jurevičienė, A., Brilingaitė, A., Bukauskas, L. (2021). Digital Human in Cybersecurity Risk Assessment. In: Schmorrow, D.D., Fidopiastis, C.M. (eds) Augmented Cognition. HCII 2021. Lecture Notes in Computer Science, vol 12776. Springer, Cham. https://doi.org/10.1007/978-3-030-78114-9_29
DOI: https://doi.org/10.1007/978-3-030-78114-9_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78113-2
Online ISBN: 978-3-030-78114-9
eBook Packages: Computer Science, Computer Science (R0)