An Integrated Model of Human Cyber Behavior

  • Walter WarwickEmail author
  • Norbou Buchler
  • Laura Marusich
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 780)


Agent-based models are commonplace in the simulation-based analysis of cyber security. But as useful as it is to model, for example, adversarial tactics in a simulated cyber attack or realistic traffic in a study of network vulnerability, it is increasingly clear that human error is one of the greatest threats to cyber security. From this perspective, the salient features of behavior are those of an agent making decisions about how to use a system, rather than an agent acting as an adversary or as a “chat bot” which functions merely as a statistical message generator. In this paper, we describe work to model a human dimension of the cyber operator, a user subject to different motivations that lead directly to differences in cyber behavior which, ultimately, lead to differences in the risk of suffering a “drive-by” malware infection.


Human behavior representation Cyber behavior Model integration 


  1. 1.
    Besnard, D., Arief, B.: Computer security impaired by legitimate users. Comput. Secur. 23(3), 253–264 (2004)CrossRefGoogle Scholar
  2. 2.
    Fulford, H., Doherty, N.F.: The application of information security policies in large UK-based organizations: an exploratory investigation. Inf. Manage. Comput. Secur. 11(3), 106–114 (2003)CrossRefGoogle Scholar
  3. 3.
    Werlinger, R., et al.: Towards understanding diagnostic work during the detection and investigation of security incidents. In: Steven, N.L.C., Furnell, M. (eds.) Third International Symposium on Human Aspects of Information Security & Assurance, Athens, Greece, pp. 119–132. University of Plymouth (2009)Google Scholar
  4. 4.
    Bishop, M., et al.: Insider threat identification by process analysis. In: IEEE Security and Privacy Workshops, San Jose, CA, pp. 251–264. IEEE (2014)Google Scholar
  5. 5.
    Costa, D.L., et al.: An Insider Threat Indicator Ontology (2016)Google Scholar
  6. 6.
    Cranor, L.F., Garfinkel, S. (eds.): Security and Usability: Designing Secure Systems That People Can Use. O’Reilly & Associates Inc, Sebastopol (2005)Google Scholar
  7. 7.
    Winnefeld, J.A., Kirchhoff, C., Upton, D.M.: Cybersecurity’s Human Factor: Lessons from the Pentagon, in Harvard Business Review. Harvard Business Publishing, Cambridge (2015)Google Scholar
  8. 8.
    Kilduff, P.W., Swoboda, J.C., Katz, J.: A platoon-level model of communication flow and the effects on operator performance. U.A.R. Laboratory, Editor. Human Research and Engineering Directorate, Aberdeen Proving Ground, MD (2006)Google Scholar
  9. 9.
    Brett, B.E., et al.: The Combat Automation Requirements Testbed (CART) Task 5 Interim Report: Modeling a Strike Fighter Pilot Conducting a Time Critical Target Mission. A.F.R. Laboratory, Editor, Dayton, OH (2002)Google Scholar
  10. 10.
    Heegaard, P.E.: GenSyn - a Java based generator of synthetic Internet traffic linking user behaviour models to real network protocols. In: ITC Specialist Seminar on IP Traffic Measurement, Modeling and Management, Monterey, CA (2000)Google Scholar
  11. 11.
    Ovelgonne, M., et al.: Understanding the relationship between human behavior and susceptibility to cyber-attacks: a data-driven approach. In: ACM Transactions on Intelligent Systems and Technology (TIST) - Special Issue: Cyber Security and Regular Papers, vol. 8, no. 4 (2017)Google Scholar
  12. 12.
    Mark, G., et al.: Email duration, batching and self-interruption: patterns of email use on productivity and stress. In: 2016 CHI Conference on Human Factors in Computing Systems, San Jose, California, USA, pp. 1717–1728. ACM (2016)Google Scholar
  13. 13.
    Liu, C., White, R.W., Dumais, S.: Understanding web browsing behaviors through Weibull analysis of dwell time. In: 33rd International ACM SIGIR Conference on Research and Development in Information Retrieval, Geneva, Switzerland, pp. 379–386. Association for Computing Machinery, Inc. (2010)Google Scholar
  14. 14.
    Mark, G., et al.: Bored mondays and focused afternoons: the rhythm of attention and online activity in the workplace, In: SIGCHI Conference on Human Factors in Computing Systems, Toronto, ON, Canada, pp. 3025–3034. ACM (2014)Google Scholar
  15. 15.
    Ugrin, J.C., Pearson, J.M.: The effects of sanctions and stigmas on cyberloafing. Comput. Hum. Behav. 29(3), 812–820 (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  • Walter Warwick
    • 1
    Email author
  • Norbou Buchler
    • 2
  • Laura Marusich
    • 2
  1. 1.TiER1 Performance Solutions, LLCKentuckyUSA
  2. 2.Army Research Laboratory – Human Research and Engineering DirectorateAdelphiUSA

Personalised recommendations