Human Factors of Cyber Attacks

Cyber security has been a growing focus within the human factors community. Over the last several years, human-centered cyber research has provided valuable insights into the cognitive and collaborative work within cyber operations, but has largely ignored how the genesis, intentions, methods and outcomes of cyber attacks impact human-related outcomes. Leveraging insights from other, more technologically focused communities, the goal of this paper is to synthesize previous work and to present a unified, descriptive framework of cyber attacks. Our framework, which consists of three dimensions, adversarial, methodological, and operational, aims to maintain the rich interactions between the components of a cyber attack while offering a further abstraction useful to future human factors research. We present each dimension in terms of the previous techno-centered research, demonstrate how the human factors community can contribute to our understanding, and ground each within the context of the StuxNet virus.
