Leveraging web and behavioural data for usable adaptive cybersecurity

  • Joyce Hoese ADDAE

Student thesis: PhD Thesis

Abstract

There has been a general consensus in the computer security research community that the usability of cybersecurity is critical to maintaining and improving the security of information systems. However, the human element of cybersecurity is still not well understood, hence the problem of designing security with unfriendly user interfaces persists. A major challenge in addressing the human component of cybersecurity is the lack of reliable behavioural data on users’ online security actions. This thesis establishes an integrated view of online security-related attitudes and behaviours to facilitate the personalisation of cybersecurity tools. To do this, a design research approach involving behavioural science and machine learning techniques is adopted for an in-depth analysis of users’ online security behaviour and its implications for the design of cybersecurity mechanisms. As part of understanding users’ attitudes towards cybersecurity, studies were conducted to explore how users interact with web browser security features for their personal privacy and digital security online. Current interfaces designed for security in web browsers are plagued with several usability issues. This thesis proposes an improvement to these interfaces. The solution introduced here includes a user-centred design of personalised cybersecurity-related interfaces with a minimalistic and modern aesthetic design that incorporates the concept of adaptive automation. The study identified critical cybersecurity attributes that are susceptible to individual characteristics, which provided a basis for the development of effective countermeasures for different user profiles. These findings were synthesised into two cybersecurity artefacts, SecAdapt versions 1 and 2, as proofs of concept for the proposed framework for personalised adaptive cybersecurity.
The results of a usability study conducted to evaluate the prototype showed that SecAdapt was more efficient and effective when performing tasks to achieve specific cybersecurity goals compared to existing browser security controls. Most of the participants also found SecAdapt to be more user-friendly and clearly supported the proposed design concept for personalised adaptive cybersecurity and the benefits that it provides. Insights from this research can be useful in minimising the gap between people and cybersecurity in order to promote more frequent and correct usage of security tools and reduce human errors and dissatisfaction.
Date of Award: 6 Jul 2019
Original language: English
Awarding Institution
  • University of Nottingham
Supervisor: Xu Sun (Supervisor), Dave Towey (Supervisor) & Milena Radenkovic (Supervisor)

Keywords

  • Cybersecurity
  • Human-Computer Interaction
  • Behavioural analytics
  • Adaptive automation
  • Security-related attitudes
  • User modeling
