In This Story
Whether you are an experienced software developer, a teen texting on a smartphone, or an older adult checking a bank statement, cybersecurity is part of your life. Humans and computers interact every minute of every day and cybersecurity is there to keep information safe and actions private. But normal human behavior can compromise safety and privacy.
In 2022, researchers funded by the Commonwealth Cyber Initiative’s (CCI) Northern Virginia Node (NoVa Node) will be exploring the impact of human behavior on cybersecurity systems. Divided into six teams, the researchers will seek to leverage the power of their academic expertise in the social sciences, and related fields. The teams include faculty from the Colleges of Engineering and Computing, Humanities and Social Sciences, Education and Human Development, and the School of Business. Each team will explore a different aspect of the problem as they aim to translate those understandings into solutions or areas for additional investigation that can impact the welfare of Virginians. Two of those teams are being led by faculty from the Department of Information Sciences and Technology.
“Human-Centric Training for Privacy and Security Controls: Bridging the Awareness Gap for Diverse Populations”
PI: Vivian Genero Motti, College of Engineering and Computing (CEC), George Mason University; Co-PIs: Samy El-Tawab, and Ahmad Salman, College of Integrated Sciences, James Madison University
If you retired from the workforce 25 years ago, before Wi-Fi, online shopping, banking, or smartphones, you are likely vulnerable to cyberattacks. In fact, older adults face a disproportionate risk of suffering cyberattacks; still, they do not have access to resources and educational materials suitable to meet their needs related to human behavior and privacy protection.
Vivian Motti and her team want to do something about that. They plan to reach out to underrepresented users and characterize their level of awareness about cybersecurity. Motti and her team believe that gaining a better understanding of these populations will help inform educational content development, providing content, language, and design aspects that are all suitable to their specific user profiles.
“By adopting a user-centric design approach, this project will ensure that cybersecurity training meets users' needs for minority groups. By involving older adults front and center in the research agenda, we will establish training contents that are appropriate to their level of understanding,” says Motti. Also, besides following the training contents and retaining what they learn, they will be able to act and prevent potential attacks that could pose privacy risks.
"Characterizing Biases in Automated Scam Detection Tools for Social Media to Aid Individuals with Developmental Disabilities"
PI: Hemant Purohit, CEC; Co-PIs: Géraldine Walther, CHHS; Matt Peterson, CHHS; YooSun Chung, CEHD
Designers of scam detection tools often focus on improving the computational accuracy of the methods, especially those with state-of-the-art Natural Language Processing (NLP) and Machine Learning (ML)-based techniques, but their understanding of the diverse human behavior can be limited. This project aims to build a foundation for inclusive cybersecurity technologies to protect individuals with disabilities from online scams using a unique interdisciplinary collaborative approach between computing and non-computing researchers.
Specifically, the team’s objective is to uncover the biases in the existing scam detection techniques for social media using NLP and ML methods. “We will conduct Eye Tracking analyses using a labeled scam dataset of social media posts from existing literature on online cybersecurity and study the differences between the attention patterns of individuals with and without developmental disabilities when perceiving scam posts,” says Hemant Purohit.
The project hopes to gain insights that will support cybersecurity training development for reducing online fraud for individuals with special education needs. At the same time, the researchers want to identify limitations in automated scam detection tools and help create more effective cybersecurity tools that can protect user groups in our communities.