Review and insight on the behavioral aspects of cybersecurity

Stories of cyber attacks are becoming a routine in which cyber attackers show new levels of intention by sophisticated attacks on networks. Unfortunately, cybercriminals have figured out profitable business models and they take advantage of the online anonymity. A serious situation that needs to improve for networks’ defenders. Therefore, a paradigm shift is essential to the effectiveness of current techniques and practices. Since the majority of cyber incidents are human enabled, this shift requires expanding research to underexplored areas such as behavioral aspects of cybersecurity. It is more vital to focus on social and behavioral issues to improve the current situation. This paper is an effort to provide a review of relevant theories and principles, and gives insights including an interdisciplinary framework that combines behavioral cybersecurity, human factors, and modeling and simulation.

[1]  L. Roberts,et al.  Applying the Theory of Planned Behaviour to predicting online safety behaviour , 2013 .

[2]  George E. Higgins,et al.  Self-Control Theory and Crime , 2015 .

[3]  Manuel A. Rodriguez,et al.  Integrating Behavioral Science with Human Factors to Address Process Safety , 2017, Sources of Behavioral Variance in Process Safety.

[4]  Simon R Goerger Validating Human Behavioral Models for Combat Simulations Using Techniques for the Evaluation of Human Performance , 2004 .

[5]  Hilde van der Togt,et al.  Publisher's Note , 2003, J. Netw. Comput. Appl..

[6]  Collin Richards Payne The elaboration likelihood model of persuasion: Implications for trial advocacy , 2007 .

[7]  G. Rossolini,et al.  Treatment and control of severe infections caused by multiresistant Pseudomonas aeruginosa. , 2005, Clinical microbiology and infection : the official publication of the European Society of Clinical Microbiology and Infectious Diseases.

[8]  Robert F. Mills,et al.  Towards insider threat detection using web server logs , 2009, CSIIRW '09.

[9]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[10]  Shriya S Shetty,et al.  Survey of hacking techniques and it's prevention , 2017, 2017 IEEE International Conference on Power, Control, Signals and Instrumentation Engineering (ICPCSI).

[11]  Qing Hu,et al.  The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies , 2007, J. Assoc. Inf. Syst..

[12]  Salvatore J. Stolfo,et al.  Insider Attack and Cyber Security - Beyond the Hacker , 2008, Advances in Information Security.

[13]  Sven Übelacker,et al.  The Social Engineering Personality Framework , 2014, 2014 Workshop on Socio-Technical Aspects in Security and Trust.

[14]  Nasir D. Memon,et al.  Phishing, Personality Traits and Facebook , 2013, ArXiv.

[15]  B. Payne,et al.  Cyber Security and Criminal Justice Programs in the United States: Exploring the Intersections , 2018 .

[16]  Jan Noyes The human factors toolkit , 2004 .

[17]  Avi Parush,et al.  Human Factors in Healthcare: A Field Guide to Continuous Improvement , 2017, Synthesis Lectures on Assistive, Rehabilitative, and Health-Preserving Technologies.

[18]  Ulrike Hahn,et al.  Normative theories of argumentation: are some norms better than others? , 2012, Synthese.

[19]  Dawn M. Cappelli,et al.  The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes , 2012 .

[20]  Donald A. Norman,et al.  Design rules based on analyses of human error , 1983, CACM.

[21]  Hamid R. Kavianian Guidelines for preventing human error in process safety. Center for Chemical Process Safety, American Institute of Chemical Engineers, New York, NY, (1994), 390 Pages, [ISBN No.:0‐8169‐0461‐8], U.S. List Price: $140.00 , 1996 .

[22]  N. Tilley,et al.  Situational Crime Prevention , 2022, Encyclopedia of Violence, Peace, & Conflict.

[23]  Shari Lawrence Pfleeger,et al.  Leveraging behavioral science to mitigate cyber security risk , 2012, Comput. Secur..

[24]  Shouhuai Xu,et al.  Modeling and Predicting Cyber Hacking Breaches , 2018, IEEE Transactions on Information Forensics and Security.

[25]  Ana Ferreira,et al.  Principles of Persuasion in Social Engineering and Their Use in Phishing , 2015, HCI.

[26]  Wenli Li,et al.  Understanding personal use of the Internet at work: An integrated model of neutralization techniques and general deterrence theory , 2014, Comput. Hum. Behav..

[27]  A. Bandura,et al.  Tests of the generality of self-efficacy theory , 1980, Cognitive Therapy and Research.

[28]  Evangelos A. Kiountouzis,et al.  The insider threat to information systems and the effectiveness of ISO17799 , 2005, Comput. Secur..

[29]  Maria Virvou,et al.  Combining Decision-Making Theories With a Cognitive Theory for Intelligent Help: A Comparison , 2015, IEEE Transactions on Human-Machine Systems.

[30]  Gerald M. Knapp,et al.  Determining the most important criteria in maintenance decision making , 1997 .

[31]  Heidi Vandebosch,et al.  Using the theory of planned behaviour to understand cyberbullying: The importance of beliefs for developing interventions , 2014 .

[32]  John T. Cacioppo,et al.  The Elaboration Likelihood Model of Persuasion , 1986, Advances in Experimental Social Psychology.

[33]  Daniel S. Berman,et al.  A Survey of Deep Learning Methods for Cyber Security , 2019, Inf..

[34]  Fred Cohen,et al.  Simulating cyber attacks, defences, and consequences , 1999, Comput. Secur..

[35]  Amos Azaria,et al.  Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data , 2014, IEEE Transactions on Computational Social Systems.

[36]  Denise Nicholson Advances in Human Factors in Cybersecurity , 2016 .

[37]  Evangelos Triantaphyllou,et al.  USING THE ANALYTIC HIERARCHY PROCESS FOR DECISION MAKING IN ENGINEERING APPLICATIONS: SOME CHALLENGES , 1995 .

[38]  Sagar Samtani,et al.  Conducting large-scale analyses of underground hacker communities , 2016 .

[39]  Steven M. F. Stuban,et al.  Using Analytical Hierarchy and Analytical Network Processes to Create Cyber Security Metrics , 2017 .

[40]  William L. Simon,et al.  The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers , 2005 .

[41]  Milena Radenkovic,et al.  Exploring user behavioral data for adaptive cybersecurity , 2019, User Modeling and User-Adapted Interaction.

[42]  Eric Maiwald,et al.  Security Planning & Disaster Recovery , 2002 .

[43]  Ing-Ray Chen,et al.  Behavior Rule Specification-Based Intrusion Detection for Safety Critical Medical Cyber Physical Systems , 2015, IEEE Transactions on Dependable and Secure Computing.

[44]  Peng Liu,et al.  Using Bayesian networks for cyber security analysis , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[45]  YanYilin,et al.  A Survey on Deep Learning , 2018 .

[46]  S. L. N. Hald,et al.  An updated taxonomy for characterizing hackers according to their threat properties , 2012, 2012 14th International Conference on Advanced Communication Technology (ICACT).

[47]  Manish Kumar,et al.  Cybersecurity: A Survey of Vulnerability Analysis and Attack Graphs , 2018 .

[48]  David Maimon,et al.  Cyber-Dependent Crimes: An Interdisciplinary Review , 2019, Annual Review of Criminology.

[49]  Frank L. Greitzer,et al.  Modeling Human Behavior to Anticipate Insider Attacks , 2011 .

[50]  Industrial Strategy Information security breaches survey , 2013 .

[51]  Cleotilde Gonzalez,et al.  Cyber Situation Awareness , 2013, Hum. Factors.

[52]  Mikko T. Siponen,et al.  Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations , 2010, MIS Q..