An Intelligent Agent Architecture to Influence Home Users’ Risky Behaviours

Users’ cybersecurity behaviour is very dynamic and changeable at home, and computer security is very challenging because there is no canonical and specific definition of home computer user. Many cybersecurity programs and information security best practices have focused on algorithms, methods and standards that cover main security functions but computer users are limited to perform multitask operations and processing information. These limitations affect their decision and full attention on security tasks. Users’ security decisions are also limited to their technological solutions. These solutions influence the users’ actions by providing security functions and mechanisms, but human factors also affect individual’s decisions. This paper proposes a decision-making process based on cognitive modelling which influences users’ behaviour during computer interaction at home. The cognitive modelling simulates human thinking process by using a software model. An intelligent agent architecture is also provided to gather information to identify users’ risky behaviours during any interaction with computers. This agent evaluates risks and recommends relevant awareness and efficient controls to reduce cybersecurity risks.

[1]  I. Ajzen The theory of planned behavior , 1991 .

[2]  Rick Wash,et al.  Organization Interfaces—collaborative computing General Terms , 2022 .

[3]  Eirik Albrechtsen,et al.  A qualitative study of users' view on information security , 2007, Comput. Secur..

[4]  David J. Bryant,et al.  Rethinking OODA: Toward a Modern Cognitive Framework of Command Decision Making , 2006 .

[5]  Ryan West,et al.  The psychology of security , 2008, CACM.

[6]  Raymond R. Panko,et al.  Monitoring for pornography and sexual harassment , 2002, CACM.

[7]  Michael Wooldridge,et al.  Introduction to multiagent systems , 2001 .

[8]  Rahul Telang,et al.  Does information security attack frequency increase with vulnerability disclosure? An empirical analysis , 2006, Inf. Syst. Frontiers.

[9]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[10]  Zinta S. Byrne,et al.  The Psychology of Security for the Home Computer User , 2012, 2012 IEEE Symposium on Security and Privacy.

[11]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[12]  N. Kussul,et al.  Intelligent System for Users' Activity Monitoring in Computer Networks , 2005, 2005 IEEE Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications.

[13]  A. B. Ruighaver,et al.  Security Governance: Its Impact on Security Culture , 2005, AISM.

[14]  P. Trivellas,et al.  The Human Factor of Information Security: Unintentional Damage Perspective☆ , 2014 .

[15]  Irene M. Y. Woon,et al.  Perceptions of Information Security at the Workplace : Linking Information Security Climate to Compliant Behavior , 2006 .

[16]  Paul Benjamin Lowry,et al.  The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness , 2015, Inf. Syst. Res..

[17]  Prateek Joshi,et al.  Artificial Intelligence with Python , 2017 .

[18]  J. Malcolmson What is security culture? Does it differ in content from general organisational culture? , 2009, 43rd Annual 2009 International Carnahan Conference on Security Technology.

[19]  Araceli Sanchis,et al.  Evolving systems for computer user behavior classification , 2013, 2013 IEEE Conference on Evolving and Adaptive Intelligent Systems (EAIS).

[20]  Sunil Hazari,et al.  An Empirical Investigation of Factors Influencing Information Security Behavior , 2008 .

[21]  E. Weber,et al.  A Domain-Specific Risk-Attitude Scale: Measuring Risk Perceptions and Risk Behaviors , 2002 .

[22]  Peter Norvig,et al.  Artificial Intelligence: A Modern Approach , 1995 .

[23]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[24]  R. Rogers Cognitive and physiological processes in fear appeals and attitude change: a revised theory of prote , 1983 .

[25]  Mohammad Rahim,et al.  A Socio-Behavioral Study of Home Computer Users' Intention to Practice Security , 2005, PACIS.