Cyber Deception and Cyberpsychology for Defense
Recent Submissions
TSM: Measuring the Enticement of Honeyfiles with Natural Language Processing
(2022-01-04) Timmer, Roelien; Liebowitz, David; Nepal, Surya; Kanhere, Salil
Honeyfile deployment is a useful breach detection method in cyber deception that can also inform defenders about the intent and interests of intruders and malicious insiders. A key property of a honeyfile, enticement, is the extent to which the file can attract an intruder to interact with it. We introduce a novel metric, Topic Semantic Matching (TSM), which uses topic modelling to represent files in the repository and semantic matching in an embedding vector space to compare honeyfile text and topic words robustly. We also present a honeyfile corpus created with different Natural Language Processing (NLP) methods. Experiments show that TSM is effective in inter-corpus comparisons and is a promising tool to measure the enticement of honeyfiles. TSM is the first measure to use NLP techniques to quantify the enticement of honeyfile content that compares the essential topical content of local contexts to honeyfiles and is robust to paraphrasing.

The interaction of dark traits with the perceptions of apprehension
(2022-01-04) Gaia, Joana; Murray, David; Sanders, George; Sanders, Sean; Upadhyaya, Shambhu; Wang, Xunyi; Yoo, Chul
This paper integrates dark personality traits with the economics of crime and rational choice theories to identify the role that the Dark Triad and thrill-seeking have on the perceptions of being caught engaging in violating privacy laws. Psychopathy and thrill-seeking had a moderate negative effect on the perceptions of the probability of being apprehended for distributing illegally obtained healthcare information. The implication is that individuals scoring high on the psychopathy and thrill-seeking scales will need less money or monetary incentives to violate HIPAA laws. We also found additional support that white hat hackers score high on the Machiavellian, psychopathy and thrill-seeking scales. We also validated a previous finding that a white hat hacker might drift towards grey hat and black hat hacking.

Responsible Integration of Behavioral Science in Computer Science Research and Development
(2022-01-04) Niedbala, Elizabeth; Ferguson-Walter, Kimberly; Lafon, Dana
Cross disciplinary research is essential for technological innovation. For decades, computer science (Comp Sci) has leveraged behavior science (Behav Sci) research to create innovative products and improve end user experience. Despite the natural challenges that come with cross disciplinary work, there are no published manuscripts outlining how to responsibly integrate Behav Sci into Comp Sci research and development. This publication fills this critical gap by discussing important differences between Behav Sci and Comp Sci, particularly with regard to how each field fits under the umbrella of science and how each field conceptualizes data. We then discuss the consequences of misusing Behav Sci and provide examples of technology efforts that drew inappropriate or unethical conclusions about their behavioral data. We discuss in detail common errors to avoid at each stage of the research process, which we condensed into a useful checklist to use as a tool for teams integrating Behav Sci in their work. Finally, we include examples of good applications of Behav Sci into Comp Sci research, the design of which can inform and strengthen digital government, e-commerce, defense, and many other areas of information technology.

Predicting the Threat: Investigating Insider Threat Psychological Indicators With Deep Learning
(2022-01-04) Horneman, Angela; Ditmore, Bob; Motell, Craig; Levy, Matthew
The term “insider threat” can take many forms, ranging from an information security risk to the threat of an active shooter. Accordingly, it is beneficial to researchers and practitioners to understand the relationship between psychological factors and the different types of threats an insider may pose to an organization. This research advances this understanding. Specifically, we investigate the three-way relationship between user-generated text, psychological factors espoused in insider threat literature, and risk indicator categories used by the U.S. Government. We employ advancements in machine learning and Natural Language Processing to investigate this relationship. Specifically, we use Bidirectional Encoder Representations from Transformers (BERT) for word embedding and vector space modeling. Our results indicate that there are indeed associations between established risk categories and the psychological factors seen as predictive of malicious insiders. Our exploratory research also reveals that further research is warranted to advance the predictive capability of insider threat modeling.

Modeling Phishing Decision using Instance Based Learning and Natural Language Processing
(2022-01-04) Xu, Tianhao; Singh, Kuldeep; Rajivan, Prashanth
Phishing is the practice of deceiving humans into disclosing sensitive information or inappropriately granting access to a secure system. Unfortunately, there is a severe lack of theoretical models to adequately explain and predict the cognitive dynamics underlying end-user susceptibility to phishing emails. This paper reports findings from an Instance-Based Learning (IBL) model developed to predict human response to emails obtained from a laboratory experiment. Particularly, this work investigates the effectiveness of using established natural language processing methods, such as LSA, GloVe, and BERT, to represent email text within IBL models. We found that using representations that consider contextual meanings assigned by humans could enable IBL agents to predict human response with high accuracy (>80%). In addition, we found that traditional NLP methods that capture semantic meanings in natural language may not be effective at representing how people may encode and recall email messages. We discuss the implications of these findings.

A Task Analysis of Static Binary Reverse Engineering for Security
(2022-01-04) Nyre-Yu, Megan; Butler, Karin; Bolstad, Cheryl
Software is ubiquitous in society, but understanding it, especially without access to source code, is both non-trivial and critical to security. A specialized group of cyber defenders conducts reverse engineering (RE) to analyze software. The expertise-driven process of software RE is not well understood, especially from the perspective of workflows and automated tools. We conducted a task analysis to explore the cognitive processes that analysts follow when using static techniques on binary code. Experienced analysts were asked to statically find a vulnerability in a small binary that could allow for unverified access to root privileges. Results show a highly iterative process with commonly used cognitive states across participants of varying expertise, but little standardization in process order and structure. A goal-centered analysis offers a different perspective about dominant RE states. We discuss implications about the nature of RE expertise and opportunities for new automation to assist analysts using static techniques.

Introduction to the Minitrack on Cyber Deception and Cyberpsychology for Defense
(2022-01-04) Fugate, Sunny; Bishop, Matt; Wang, Cliff; Ferguson-Walter, Kimberly