Evolving Cyber-threats and Countermeasures: Mathematical, Behavioral and Legal Perspectives

Prof. Joachim Meyer and Prof. Ronen Avraham

The proposed research addresses a set of interrelated research questions, combining analytical (optimization), behavioral (experimental economic and psychology) and legal perspectives. From a behavioral modeling perspective, we will develop quantitative models to predict users’ behavior in environments with changing threats and information about threats, and we will validate the models with empirical studies. Under what conditions will end-users be particularly vulnerable to attacks? What will affect end-user’s motivation to prevent security threats?  We will then extend this research, addressing questions, such as what advice, alerts or nudges can be used so that end users respond positively to this information, avoiding "cry wolf" and information-overload effects, due to which users cease to respond to indications. We will address these questions from a legal perspective, asking about rules for warning end-users in a rapidly changing environment: When should, for instance, companies be required to alert end-users about emerging threats, to delete end-user accounts because using them may create a risk for the end-user, to cease marketing a service because it can be used to attack end-users, etc.? In this context, we will consider the results from the analytic and behavioral parts, trying to predict how different policies regarding the issuing of alerts will affect the overall outcomes at the individual user and at the system level.

The proposed interdisciplinary research consists of six tightly connected parts:

  1. The development of quantitative models of end-user responses to information in an environment where the characteristics of threats, the available information and the value of the information for detecting threats change relatively quickly.
  2. An empirical research program, conducted in the laboratory and with actual websites to study responses to different types of information and end-users’ ability to determine whether a threat exists at a given moment.
  3. A survey of the existing threats and of the emergence of threats, based on the collection over time of threats in phishing messages, malicious websites or content, etc.
  4. A quantitative and empirical evaluation (using laboratory and web experiments) of the impact of different alerting messages and policies on end-users responses.
  5. The legal part has two main components.
    1. Developing a framework for providing information and responding to changing threats: What is the optimal warning? When is a warning insufficient? Insights will be drawn from the literature on consumers’ product liability. 
    2. Developing a framework for incentivizing end-users to take optimal precautions. The legal system is comprised of various legal regimes ranging from full immunity, through various insurance-based mechanisms, to regimes where victims bear at least some costs (Avraham, 2011). The different aspects of the legal framework will be integrated into the mathematical and behavioral modeling.
  6. In the last phase of the project we evaluate the optimal design at a system level, given the results from the different mathematical, behavioral and legal analyses.
  7. The outcome of this combined, multidisciplinary research can be used to develop interfaces, systems, user education programs, regulations and policies that will jointly lower the negative consequences of cyberattacks.
Tel Aviv University makes every effort to respect copyright. If you own copyright to the content contained
here and / or the use of such content is in your opinion infringing, Contact us as soon as possible >>