SBES TWC: Phase: Small: Protecting the Bazaar: The Ecology of Cybersecurity in Weakly Fortified Networks

SBES TWC：阶段：小型：保护集市：弱防御网络中的网络安全生态

• 批准号: 1223634
• 负责人: David Maimon
• 金额: $ 64.78万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1223634&HistoricalAwards=false
• 关键词: SBES; TWC; Phase; Small; Protecting

While policy interest and empirical research on cyber attacks have both increased substantially in recent years, very little attention has been focused on the local ecology of actively operating computer networks. In the research proposed we focus on a bazaar computing environment (i.e. weakly fortified computer networks where a wide variety of users engage in a range of activities with minimal security in largely unregulated settings) and seek to answer three broad research questions: (1) can users within bazaar environments be educated to engage in less risky on-line behavior? (2) can hackers within bazaar environments be deterred through available options? and (3) if users can be educated and hackers can be deterred what is the optimal environment in which IT management can maximize education of users and deterrence of hackers within weakly fortified environments? The proposed research represents a collaboration between criminologists, psychologists, and computer security experts and will evaluate criminological theories within cyberspace using, in addition to survey data and experimental design, detailed network and target computer data drawn from the real time operation of an organization network. Intellectual Merit A major goal of this project is to move toward a new integrated social science perspective on cybercrime. The pathway to such integration is through the social ecology of a local computing environment. The research proposed here, which simultaneously examines the characteristics of users-victims, offenders-hackers and the computing environment where they interact, will provide a rare opportunity to integrate these situational components. In addition to providing new insights into criminology theory, the proposed research will provide detailed information on the interaction of hackers and users within the context of a weakly fortified computing environment.Broader Impact We believe that our ecological approach to cyber security will offer useful insights for ways of improving online security by identifying those system configurations that discourage victim behaviors that are especially likely to result in attacks and deter attackers from malicious activities. Bringing information together from potential victims and offenders within the world of an operating computer environment will allow the development of more efficient safety programs and strategies and has the potential to increase the security of computer systems and strengthen users' confidence and trust in their systems and the cyber environment more generally.

尽管近年来对网络攻击的政策兴趣和实证研究都大大增加，但很少关注主动操作计算机网络的本地生态。 在提出的研究中，我们专注于集市计算环境（即弱化的计算机网络，在这些计算机网络中，各种各样的用户从事一系列活动的活动中，在很大程度上不受监管的环境中，并寻求回答三个广泛的研究问题：（1）（1）巴萨尔环境中的用户可以受到教育以减少冒险的上线行为吗？ （2）可以通过可用选项阻止集市环境中的黑客吗？ （3）如果可以对用户进行教育，并且可以阻止黑客在弱强化的环境中最大程度地提高对用户的教育和威慑者的教育的最佳环境是什么？ 拟议的研究代表了犯罪学家，心理学家和计算机安全专家之间的合作，除了调查数据和实验设计外，还将评估网络空间内的犯罪学理论，详细的网络和目标计算机数据从组织网络的实时操作中汲取。知识分子值得该项目的主要目标是迈向有关网络犯罪的新综合社会科学观点。这种整合的途径是通过当地计算环境的社会生态。此处提出的研究同时研究了用户 - 维克蒂安，罪犯和他们互动的计算环境的特征，将为整合这些情况组成部分提供罕见的机会。 除了提供有关犯罪学理论的新见解外，拟议的研究还将提供有关黑客和用户在弱势强化的计算环境中相互作用的详细信息。Broader的影响。我们相信，我们的网络安全生态方法将提供有用的洞察力，可以通过识别出对在线安全行为进行攻击行为和攻击行为的攻击行为和攻击行为的影响，从而为在线安全性提高攻击行为而进行攻击和攻击行为。 将操作计算机环境世界中潜在受害者和罪犯的信息汇总在一起，将使更有效的安全计划和策略开发，并有可能提高计算机系统的安全性并增强用户对系统和网络环境的信心和信任。