This dissertation couples the growing corpus of human subjects and behavioral research in information security with large-scale data and robust quantitative methods. Linking human subject experimentation with theoretical models enables the information security community to reason more effectively about the system-wide effects of user behavior. I examine how users interact with the digital environment, how those interactions affect decision-making, and how aggregate decision-making affects system-wide vulnerabilities. This interdisciplinary challenge requires a combination of techniques from cognitive neuroscience, social network analysis, human-subjects research, dynamical systems, network theory, and agent-based models.
In the first section, eye-tracking data demonstrates the relationships between expertise and online perceptual awareness of security cues. Expertise is shown to be only a small factor in attention to security cues, and task type proves to be a much larger indicator of attention, with tasks requiring the use of personal accounts driving attention to cues. This section uses Bayesian ANOVA to evaluate users' perceptual awareness of security cues as they complete common online tasks, as it relates to user sophistication and task type.
The second section uses a theoretical epidemiological model of malware spread to investigate factors that might mitigate the prevalence of malware in a coupled, two-population model. This both demonstrates that cost is the largest factor affecting malware prevalence, outside of malware infection rates, and identifies appropriate strategies for system-wide botnet mitigation.
The final section utilizes an agent-based model of mobile application adoption combined with social network data and mobile marketplace policy. The result is an examination of the dynamic effects of user and market behavior on the spread of mobile malware and the second-order effects, such as privacy loss, due to that spread. This model reveals that well-regulated markets are effective at limiting malware spread, but user behavior grows in importance as markets become less restricted.
Each study examines ways in which users interact with their technology and the aggregate effects of those behaviors, and identifies possible inflection points to change system-wide behaviors. This dissertation integrates empirical behavioral studies to develop a better understanding of digital behavior, thus enabling a more holistic approach to information security.
|Advisor:||Camp, Jean, Goldstone, Robert|
|Committee:||Flammini, Alessandro, Todd, Peter|
|School Location:||United States -- Indiana|
|Source:||DAI-A 76/04(E), Dissertation Abstracts International|
|Subjects:||Cognitive psychology, Information science|
|Keywords:||Decision making, Economics of information security, Expertise, Eye tracking, Modeling, Usable security|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved