ACCEPT: Addressing Cybersecurity and Cybercrime via a co-Evolutionary aPproach to reducing human-relaTed risks

接受：通过共同进化方法解决网络安全和网络犯罪问题，以减少与人类相关的风险

• 批准号: EP/P011896/2
• 负责人: Shujun Li
• 金额: $ 97.86万
• 依托单位: University of Kent
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2017
• 资助国家: 英国
• 起止时间: 2017 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FP011896%2F2
• 关键词: ACCEPT; Addressing; Cybersecurity; Cybercrime; via

Researchers and practitioners have acknowledged human-related risks among the most important factors in cybersecurity, e.g. an IBM report (2014) shows that over 95% of security incidents involved "human errors". Responses to human-related cyber risks remain undermined by a conceptual problem: the mindset associated with the term 'cyber'-crime which has persuaded us that that crimes with a cyber-dimension occur purely within a (non-physical) 'cyber' space, and that these constitute wholly new forms of offending, divorced from the human/social components of traditional (physical) crime landscapes. In this context, the unprecedented linking of individuals and technologies into global social-physical networks - hyperconnection - has generated exponential complexity and unpredictability of vulnerabilities.In addition to hyperconnectivity, the dynamic evolving nature of cyber systems is equally important. Cyber systems change far faster than biological/material cultures, and criminal behaviour and techniques evolve in relation to the changing nature of opportunities centring on target assets, tools and weapons, routine activities, business models, etc. Studying networks and relationships between individuals, businesses and organisations in a hyperconnected environment requires understanding of communities and the broader ecosystems. This complex, non-linear process can lead to co-evolution in the medium-longer term.The focus on cybersecurity as a dynamic interaction between humans and socio-technic elements within a risk ecosystem raises implementation issues, e.g. how to mobilise diverse players to support security. Conventionally they are considered under 'raising awareness', and many initiatives have been rolled out. However, activities targeting society as a whole have limitations, e.g. the lack of personalisation, which makes them less effective in influencing human behaviours.While there is isolated research across these areas, there is no holistic framework combining all these theoretical concepts (co-evolution, opportunity management, behavioural and business models, ad hoc technological research on cyber risks and cybercrime) to allow a more comprehensive understanding of human-related risks within cybersecurity ecosystems and to design more effective approaches for engaging individuals and organisations to reduce such risks.The project's overall aim is therefore to develop a framework through which we can analyse the behavioural co-evolution of cybersecurity/cybercrime ecosystems and effectively influence behaviours of a range of actors in the ecosystems in order to reduce human-related risks. To achieve the project's overall aim, this research will:(1) Be theory-informed: Incorporate theoretical concepts from social, evolutionary and behavioural sciences which provide insights into the co-evolutionary aspect of cybersecurity/cybercrime ecosystems. (2) Be evidence-based: Draw on extensive real-world data from different sources on behaviours of individuals and organisations within cybersecurity/cybercrime ecosystems. (3) Be user-centric: Develop a framework that can provide practical guidance to system designers on how to engage individual end users and organisations for reducing human-related cyber risks. (4) Be real world-facing: Conduct user studies in real-world use cases to validate the framework's effectiveness.The new framework and solutions it identifies will contribute towards enhanced safety online for many different kinds of users, whether these are from government, industry, the research community or the general public.This project will involve a group of researchers working in 5 academic disciplines (Computer Science, Crime Science, Business, Engineering, Behavioural Science) at 4 UK research institutes, and be supported by an Advisory Board with 12 international/UK researchers and a Stakeholder Group formed by 12 non-academic partners (including LEAs, NGOs and industry).

研究人员和从业人员已经承认，网络安全的最重要因素是与人类有关的风险，例如IBM报告（2014年）显示，超过95％的安全事件涉及“人为错误”。对与人相关的网络风险的反应仍然因概念问题的破坏：与“网络”犯罪术语相关的心态，这使我们说服我们的犯罪纯粹出现在一个（非物理）“网络”空间内，并且这些犯罪构成了人类/社会构成的新形式，构成了传统犯罪的新形式。在这种情况下，个人和技术与全球社会物理网络的前所未有的联系 - 超连接 - 产生了指数的复杂性和脆弱性的不可预测性。除了超直接性，网络系统的动态发展性质同样重要。网络系统的变化比生物/物质文化的变化快得多，并且犯罪行为和技术与以目标资产，工具和武器为中心的机会不断变化的性质相关。这种复杂的非线性过程可以在中等较长的术语中导致共同发展。对网络安全的关注是人类与风险生态系统中社会技术元素之间的动态相互作用，引发了实施问题，例如如何动员不同的参与者支持安全。通常，它们被认为是“提高意识”的，并且已经推出了许多倡议。但是，针对整个社会的活动有局限性，例如the lack of personalisation, which makes them less effective in influencing human behaviours.While there is isolated research across these areas, there is no holistic framework combining all these theoretical concepts (co-evolution, opportunity management, behavioural and business models, ad hoc technological research on cyber risks and cybercrime) to allow a more comprehensive understanding of human-related risks within cybersecurity ecosystems and to design more effective approaches for engaging individuals and organisations因此，该项目的总体目的是开发一个框架，通过该框架，我们可以分析网络安全/网络犯罪生态系统的行为共同进化，并有效地影响生态系统中一系列参与者的行为，以减少与人相关的风险。为了实现该项目的整体目标，这项研究将：（1）理论上：结合了社会，进化和行为科学的理论概念，这些概念为网络安全/网络犯罪生态系统的共同进化方面提供了见解。 （2）是基于证据的：从不同来源的广泛的现实数据借鉴网络安全/网络犯罪生态系统中个人和组织的行为。 （3）以用户为中心：开发一个框架，可以为系统设计人员提供有关如何吸引个人最终用户和组织来降低与人类相关的网络风险的实用指导。 (4) Be real world-facing: Conduct user studies in real-world use cases to validate the framework's effectiveness.The new framework and solutions it identifies will contribute towards enhanced safety online for many different kinds of users, whether these are from government, industry, the research community or the general public.This project will involve a group of researchers working in 5 academic disciplines (Computer Science, Crime Science, Business, Engineering, Behavioural Science) at 4 UK research institutes, and be由12位国际/英国研究人员和一个由12个非学术合作伙伴组成的利益相关者组（包括LEAS，非政府组织和行业）组成的顾问委员会的支持。

项目成果

Improving productivity in Hollywood with data science: Using emotional arcs of movies to drive product and service innovation in entertainment industries

• DOI: 10.1080/01605682.2019.1705194
• 发表时间: 2020-02-26
• 期刊: JOURNAL OF THE OPERATIONAL RESEARCH SOCIETY
• 影响因子: 3.6
• 作者: Del Vecchio, Marco;Kharlamov, Alexander;Pogrebna, Ganna
• 通讯作者: Pogrebna, Ganna

Crime scripting: A systematic review

• DOI: 10.1177/1477370819850943
• 发表时间: 2021-07-01
• 期刊: EUROPEAN JOURNAL OF CRIMINOLOGY
• 影响因子: 1.9
• 作者: Dehghanniri, Hashem;Borrion, Herve
• 通讯作者: Borrion, Herve

THE PROBLEM WITH CRIME PROBLEM-SOLVING: TOWARDS A SECOND GENERATION POP?

• DOI: 10.1093/bjc/azz029
• 发表时间: 2020-01-01
• 期刊: BRITISH JOURNAL OF CRIMINOLOGY
• 影响因子: 2.6
• 作者: Borrion, Herve;Ekblom, Paul;Toubaline, Sonia
• 通讯作者: Toubaline, Sonia

Measuring the resilience of criminogenic ecosystems to global disruption: A case-study of COVID-19 in China.

• DOI: 10.1371/journal.pone.0240077
• 发表时间: 2020
• 期刊: PloS one
• 影响因子: 3.7
• 作者: Borrion H;Kurland J;Tilley N;Chen P
• 通讯作者: Chen P

Privacy in Transport? Exploring Perceptions of Location Privacy Through User Segmentation

运输中的隐私？

• DOI: 10.24251/hicss.2021.651
• 发表时间: 2021
• 作者: Becker I