Dear Prof. Rey Segundo Guerrero-Proenza,

You may want to look over the data presented below:

Review and insight on the behavioral aspects of cybersecurity

Review

Open Access Published: 21 April 2020 Review and insight on the behavioral aspects of cybersecurity Rachid Ait Maalem Lahcen, Bruce Caulkins, Ram Mohapatra & Manish Kumar Cybersecurity volume 3, Article number: 10 (2020) Cite this article27k Accesses 20 Citations Metrics details Abstract

Stories of cyber-attacks are becoming a routine in which cyber attackers show new levels of intention by sophisticated attacks on networks. Unfortunately, cybercriminals have figured out profitable business models and they take advantage of the online anonymity. A serious situation that needs to improve for networks’ defenders. Therefore, a paradigm shift is essential to the effectiveness of current techniques and practices. Since the majority of cyber incidents are human enabled, this shift requires expanding research to underexplored areas such as behavioral aspects of cybersecurity. It is more vital to focus on social and behavioral issues to improve the current situation. This paper is an effort to provide a review of relevant theories and principles, and gives insights including an interdisciplinary framework that combines behavioral cybersecurity, human factors, and modeling and simulation.

https://cybersecurity.springeropen.com/articles/10.1186/s42400-020-00050-w

_____

_____

Routine Activity Theory (RAT) is used by criminologists to explain the situational factors that influence crime in the physical world. RAT states that crime is most likely when a motivated offender, a vulnerable victim, and a lack of capable guardianship converge. We hypothesize that the time of cybercriminal actions will align with the principles of RAT. We analyzed data from over 20,000 intrusions on a large set of target computers over a period of four years. A statistically significant pattern is found in the time of intrusions in the local timezone of the victim hosts and native timezone of the attacker; intrusions geolocated to China demonstrate a stronger statistically significant pattern. The results suggest that RAT does apply to cyberspace, and further conclusions and policy implications are discussed.

https://www.researchgate.net/publication/321407523_Application_of_Routine_Activity_Theory_to_Cyber_Intrusion_Location_and_Time

_____

_____

Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System

This research demonstrates a design of an experiment of a hacker infiltrating a server where it is assumed that the communication between the hacker and the target server is established, and the hacker also escalated his rights on the server. Therefore, the honeypot server setup has been designed to reveal the correlation of a hacker’s actions with that of the hacker’s experience, personality, expertise, and psychology. To the best of our knowledge, such a design of experiment has never been tested rigorously on a honeypot implementation except for self-reporting tests applied to hackers in the literature. However, no study evaluates the actual data of these hackers and these tests. This study also provides a honeypot design to understand the personality and expertise of the hacker and displays the correlation of these data with the tests. Our Honeypsy system is composed of a Big-5 personality test, a cyber expertise test, and a capture-the-flag (CTF) event to collect logs with honeypot applied in this sequence. These three steps generate data on the expertise and psychology of known cyber hackers. The logs of the known hacker activities on honeypots are obtained through the CTF event that they have participated in. The design and deployment of a honeypot, as well as the CTF event, were specifically prepared for this research. Our aim is to predict an unknown hacker's expertise and personality by analyzing these data. By examining/analyzing the data of the known hackers, it is now possible to make predictions about the expertise and personality of the unknown hackers. The same logic applies when one tries to predict the next move of the unknown hackers attacking the server. We have aimed to underline the details of the personalities and expertise of hackers and thus help the defense experts of victimized institutions to develop their cyber defense strategies in accordance with the modus operandi of the hackers.

https://www.hindawi.com/journals/scn/2022/7620125/

_____

_____

Hi. I do believe that activity theory can be a factor and can also be one of the basis to consider because of the pattern of the activity of attacks or occurrence of incidents and maybe be also a social factor. That is the very essence why research is very interesting to work on.

Len Leonid Mizrah Thank you very much for your contribution, which, as always, are relevant to the given issue.

For starting I'll try to find the relation of Routine Activity Theory (RAT) and the subject I have in mind. I have listened/read that concept before be I had not studied/analyzed up to now. I mind, in what extend RAT is based on General Activity Theory, as it is understood by practitioners and theorists in their different trends: classical, Scandinavian, systemic structural and Danish. At least they have both the same starting point, the motive, the question is how it is understood and what are its relations with other components of the activity structure. But, any way, even considering the absence of formal explicit relations, they could be linked by the simple fact that they are dealing with the same object: human activity of one or other kind. That's my nearest task.

But a priori I have in mind the idea that Activity theory can be also a framework for modelling applications, and not only for explaining abnormal behaviours, as commonly is approached Psychology in these types of problems. But that, much later.

Noly M De Ramos I appreciate you to have shared your point of view on this topic: could you tell us your experience on Activity Theory, by experience or as the result of your study/readings, which activity theory trend have you followed or studied/read preferably related to cibersecurity? Any thought is welcome.

@Rey Segundo Guerrero-Proenza. Thank you for your response. In my study I did not use the activity theory, instead constructivist approach is embedded in my theoretical framework of study wherein the dispersion of innovations theory is applicable. According to previous researchers, the constructivist inquiry is consistent with qualitative methods. And since my study is Qualitative research it aims to understand what people believe and feel as well as how they interpret events. You may read Rogers Dispersion and Diffusion Innovation Theory somehow might be related to your study. Thank you.