SBES TWC: Phase: Small: Protecting the Bazaar: The Ecology of Cybersecurity in Weakly Fortified Networks

SBES TWC：阶段：小型：保护集市：弱防御网络中的网络安全生态

• 批准号: 1223634
• 负责人: David Maimon
• 金额: $ 64.78万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1223634&HistoricalAwards=false
• 关键词: SBES; TWC; Phase; Small; Protecting

While policy interest and empirical research on cyber attacks have both increased substantially in recent years, very little attention has been focused on the local ecology of actively operating computer networks. In the research proposed we focus on a bazaar computing environment (i.e. weakly fortified computer networks where a wide variety of users engage in a range of activities with minimal security in largely unregulated settings) and seek to answer three broad research questions: (1) can users within bazaar environments be educated to engage in less risky on-line behavior? (2) can hackers within bazaar environments be deterred through available options? and (3) if users can be educated and hackers can be deterred what is the optimal environment in which IT management can maximize education of users and deterrence of hackers within weakly fortified environments? The proposed research represents a collaboration between criminologists, psychologists, and computer security experts and will evaluate criminological theories within cyberspace using, in addition to survey data and experimental design, detailed network and target computer data drawn from the real time operation of an organization network. Intellectual Merit A major goal of this project is to move toward a new integrated social science perspective on cybercrime. The pathway to such integration is through the social ecology of a local computing environment. The research proposed here, which simultaneously examines the characteristics of users-victims, offenders-hackers and the computing environment where they interact, will provide a rare opportunity to integrate these situational components. In addition to providing new insights into criminology theory, the proposed research will provide detailed information on the interaction of hackers and users within the context of a weakly fortified computing environment.Broader Impact We believe that our ecological approach to cyber security will offer useful insights for ways of improving online security by identifying those system configurations that discourage victim behaviors that are especially likely to result in attacks and deter attackers from malicious activities. Bringing information together from potential victims and offenders within the world of an operating computer environment will allow the development of more efficient safety programs and strategies and has the potential to increase the security of computer systems and strengthen users' confidence and trust in their systems and the cyber environment more generally.

尽管近年来对网络攻击的政策兴趣和实证研究都大幅增加，但很少有人关注活跃运行的计算机网络的本地生态。 在拟议的研究中，我们重点关注集市计算环境（即防御较弱的计算机网络，其中各种各样的用户在基本上不受监管的环境中以最低安全性从事一系列活动），并寻求回答三个广泛的研究问题：（1）可以是否教育集市环境中的用户进行风险较小的在线行为？ (2) 可以通过可用的选项阻止集市环境中的黑客吗？ (3) 如果可以教育用户并威慑黑客，那么在弱防御环境下，IT 管理人员可以最大限度地教育用户并威慑黑客的最佳环境是什么？ 拟议的研究代表了犯罪学家、心理学家和计算机安全专家之间的合作，除了调查数据和实验设计之外，还将使用从组织网络实时运行中提取的详细网络和目标计算机数据来评估网络空间内的犯罪学理论。智力价值 该项目的一个主要目标是转向对网络犯罪的新的综合社会科学视角。这种集成的途径是通过本地计算环境的社会生态。这里提出的研究同时检查了用户-受害者、犯罪者-黑客的特征以及他们交互的计算环境，将为整合这些情境组件提供难得的机会。 除了提供对犯罪学理论的新见解外，拟议的研究还将提供有关在弱强化计算环境中黑客和用户交互的详细信息。更广泛的影响我们相信，我们的网络安全生态方法将为以下领域提供有用的见解：通过识别那些阻止受害者行为（特别有可能导致攻击）并阻止攻击者进行恶意活动的系统配置来提高在线安全性的方法。 将操作计算机环境中的潜在受害者和犯罪者的信息汇集在一起​​，将有助于开发更有效的安全程序和策略，并有可能提高计算机系统的安全性，增强用户对其系统和网络的信心和信任。更普遍的网络环境。