EAGER: Cybercrime Susceptibility in the Sociotechnical System: Exploration of Integrated Micro- and Macro-Level Sociotechnical Models of Cybersecurity

EAGER：社会技术系统中的网络犯罪敏感性：网络安全的微观和宏观综合社会技术模型的探索

• 批准号: 1519243
• 负责人: Saman Zonouz
• 金额: $ 13.86万
• 依托单位: Rutgers University New Brunswick
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-08-14 至 2017-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1519243&HistoricalAwards=false
• 关键词: EAGER; Cybercrime; Susceptibility; Sociotechnical; System

This project develops a holistic approach to sociotechnical system security that combines innovations in both criminology and engineering/computer science. We design unified sociotechnical security models that capture how sociotechnical intrusions against social as well as technical aspects of the system (i.e., modeled as hidden sequences of system security states) result in observed hard data such as security sensor alerts and soft data produced by human/social sensors such as reports about slow machines. To model the social aspect of the sociotechnical security models, (1) we collect extensive social survey data from one specific subpopulation (employees) nested within one sociotechnical system (the university campus); (2) we identify various social and social-psychological factors reducing susceptibility to victimization by computer-focused crime drawing on several criminological and sociological theories; (3) we supplement social survey data with organizational-level data to explore influences of characteristics of organizational units on individual-level employee victimization by computer-focused crimes as well as rates of such cybercrime threats in organizational units. We analyze the collected data by applying unique integrated sociotechnical analytical approaches that encapsulate the adversarial actions and subsequent rewards/costs using stochastic Markov decisions processes and probabilistic data production models. Our research provides guidelines for other researchers looking to incorporate social science methods and models into engineering systems, with the criminological/sociological aspect of the study of use to many other researchers. This work will transform how researchers approach the problem of sociotechnical security, in that our holistic view cognizant of both social and technical factors will become widespread.

该项目为社会技术系统安全开发了一种整体方法，该方法结合了犯罪学和工程/计算机科学的创新。我们设计了统一的社会技术安全模型，以捕获对系统的社会和技术方面的社会技术入侵（即以系统安全状态的隐藏序列建模）如何导致观察到的硬数据，例如安全传感器警报和由人类/社会传感器产生的软数据，例如人类/社会传感器，例如有关慢速机器的报告。 （1）我们从一个社会技术系统（大学校园）中嵌套的一个特定亚种群（员工）收集广泛的社会调查数据，以模拟社会技术安全模型的社会方面； （2）我们确定了各种社会和社会心理学因素，从而降低了以计算机为中心的犯罪和社会学理论绘制计算机犯罪对受害的敏感性； （3）我们使用组织级别的数据补充社会调查数据，以探索组织单位特征对以计算机为中心的犯罪以及组织单位中此类网络犯罪威胁的速度的组织特征对个人级别员工受害的影响。我们通过采用独特的综合社会技术分析方法来分析收集的数据，该方法封装了对抗性动作，并使用随机马尔可夫决策过程和概率数据生产模型封装了对抗性动作和随后的奖励/成本。我们的研究为希望将社会科学方法和模型纳入工程系统的其他研究人员提供了指南，以及对许多其他研究人员的使用研究的犯罪学/社会学方面。这项工作将改变研究人员如何处理社会技术的问题，因为我们对社会和技术因素的全面看法将变得广泛。