More Like this

1. Psychological Profiling of Hacking Potential

   Gaia, J; Ramamurthy, B; Sanders, G; Sanders, S; Upadhyaya, S; Wang, X; Yoo, C (January 2020, Proceedings of the 53rd Hawaii International Conference on System Sciences)

   This paper investigates the psychological traits of individuals’ attraction to engaging in hacking behaviors (both ethical and illegal/unethical)upon entering the workforce.We examine the role of the Dark Triad, Opposition to Authority and Thrill-Seeking traits as regards the propensity of an individual to be interested in White Hat, Black Hat,and Grey Hat hacking. A new set of scales were developed to assist in the delineation of the three hat categories. We also developed a scale to measure each subject’s perception of the probability of being apprehended for violating privacy laws. Engaging in criminal activity involves a choice where there are consequences and opportunities, and individuals perceive them differently, but they can be deterred if there is a likelihood of punishment,and the punishment is severe. The results suggest that individuals that are White Hat, Grey Hat and Black Hat hackers score high on the Machiavellian and Psychopathy scales. We also found evidence that Grey Hatters oppose authority, Black Hatters score high on the thrill-seeking dimension and White Hatters, the good guys, tend to be Narcissists. Thrill-seeking was moderately important for White Hat hacking and Black hat hacking. Opposition to Authority was important for Grey Hat hacking. Narcissism was not statistically significant in any of the models. The probability of being apprehended had a negative effect on Grey Hat and Black Hat hacking. Several suggestions will be made on what organizations can do to address insider threats. 

   more » « less
2. Economic Incentives and Perceptions as Critical Factors for Understanding Insider Hacking Behavior

   Amo, Laura; Gaia, Joana; Murray, David; Sanders, George; Sanders, Sean; Singh, Raghvendra; Upadhyaya, Shambhu (January 2024, Hawaii International Conference on System Sciences (HICSS-57))

   The objective of this research is to investigate the influence of interest in white hat capabilities, income levels, and perceptions of being apprehended on the willingness to violate privacy regulations as measured by the amount of money required to violate medical privacy. The research model was developed by drawing on the economics of crime literature, prospect theory and the emerging Capability, Opportunity, and Motivation Behavior model. This study involved 523 individuals on the cusp of entering the workforce, which places them all as potential insider hackers according to zero trust models of insider behavior. Despite many subjects believing there is a high probability of being caught, they could still be incentivized to violate HIPAA laws. Approximately 306 (or 58%) of the survey participants indicated a price, ranging from zero dollars to over $10 million, that they deemed acceptable for violating HIPAA laws. Income levels, white hat hacking capabilities, monetary incentives to commit a crime, and the perceived probability of being apprehended were statistically significant predictors of the amount of money required to violate HIPAA laws. 

   more » « less
3. Economic Incentives and Perceptions as Critical Factors for Understanding Insider Hacking Behavior

   Amo, Laura; Gaia, Joana; Murray, David; Sanders, George; Sanders, Sean; Singh, Raghavendra; Upadhyaya, Shambhu (January 2024, Proceedings of the Annual Hawaii International Conference on System Sciences)

   The objective of this research is to investigate the influence of interest in white hat capabilities, income levels, and perceptions of being apprehended on the willingness to violate privacy regulations as measured by the amount of money required to violate medical privacy. The research model was developed by drawing on the economics of crime literature, prospect theory and the emerging Capability, Opportunity, and Motivation Behavior model. This study involved 523 individuals on the cusp of entering the workforce, which places them all as potential insider hackers according to zero trust models of insider behavior. Despite many subjects believing there is a high probability of being caught, they could still be incentivized to violate HIPAA laws. Approximately 222 (or 42%) of the survey participants indicated a price, ranging from zero dollars to over $10 million, that they deemed acceptable for violating HIPAA laws. Income levels, white hat hacking capabilities, monetary incentives to commit a crime, and the perceived probability of being apprehended were statistically significant predictors of the amount of money required to violate HIPAA laws. 

   more » « less
4. Stackelberg Punishment and Bully-Proofing Autonomous Vehicles

   https://doi.org/10.1007/978-3-030-35888-4_34  

   Cooper, Matt; Lee, Jun Ki; Beck, Jacob; Fishman, Joshua D.; Gillett, Michael; Papakipos, Zoe; Zhang, Aaron; Ramos, Jerome; Shah, Aansh; Littman, Michael L. (November 2019, ICSR 2019: Social Robotics)

   Mutually beneficial behavior in repeated games can be enforced via the threat of punishment, as enshrined in game theory’s well-known “folk theorem.” There is a cost, however, to a player for generating these disincentives. In this work, we seek to minimize this cost by computing a “Stackelberg punishment,” in which the player selects a behavior that sufficiently punishes the other player while maximizing its own score under the assumption that the other player will adopt a best response. This idea generalizes the concept of a Stackelberg equilibrium. Known efficient algorithms for computing a Stackelberg equilibrium can be adapted to efficiently produce a Stackelberg punishment. We demonstrate an application of this idea in an experiment involving a virtual autonomous vehicle and human participants. We find that a self-driving car with a Stackelberg punishment policy discourages human drivers from bullying in a driving scenario requiring social negotiation. 

   more » « less
5. Fair Algorithms for Learning in Allocation Problems

   https://doi.org/10.1145/3287560.3287571  

   Elzayn, Hadi; Jabbari, Shahin; Jung, Christopher; Kearns, Michael; Neel, Seth; Roth, Aaron; Schutzman, Zachary (January 2019, ACM FAT* 2019)

   Settings such as lending and policing can be modeled by a centralized agent allocating a scarce resource (e.g. loans or police officers) amongst several groups, in order to maximize some objective (e.g. loans given that are repaid, or criminals that are apprehended). Often in such problems fairness is also a concern. One natural notion of fairness, based on general principles of equality of opportunity, asks that conditional on an individual being a candidate for the resource in question, the probability of actually receiving it is approximately independent of the individual’s group. For example, in lending this would mean that equally creditworthy individuals in different racial groups have roughly equal chances of receiving a loan. In policing it would mean that two individuals committing the same crime in different districts would have roughly equal chances of being arrested. In this paper, we formalize this general notion of fairness for allocation problems and investigate its algorithmic consequences. Our main technical results include an efficient learning algorithm that converges to an optimal fair allocation even when the allocator does not know the frequency of candidates (i.e. creditworthy individuals or criminals) in each group. This algorithm operates in a censored feedback model in which only the number of candidates who received the resource in a given allocation can be observed, rather than the true number of candidates in each group. This models the fact that we do not learn the creditworthiness of individuals we do not give loans to and do not learn about crimes committed if the police presence in a district is low. 

   more » « less