skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


  • NSF Public Access
  • Search Results
  • Non-Experts' Perceptions Regarding the Severity of Different Cyber-Attack Consequences: Implications for Designing Warning Messages and Modeling Threats
Title: Non-Experts' Perceptions Regarding the Severity of Different Cyber-Attack Consequences: Implications for Designing Warning Messages and Modeling Threats
Cyber-defenders must account for users’ perceptions of attack consequence severity. However, research has yet to investigate such perceptions of a wide range of cyber-attack consequences. Thus, we had users rate the severity of 50 cyber-attack consequences. We then analyzed those ratings to a) understand perceived severity for each consequence, and b) compare perceived severity across select consequences. Further, we grouped ratings into the STRIDE threat model categories and c) analyzed whether perceived severity varied across those categories. The current study’s results suggest not all consequences are perceived to be equally severe; likewise, not all STRIDE threat model categories are perceived to be equally severe. Implications for designing warning messages and modeling threats are discussed.  more » « less
Award ID(s):
1564293
PAR ID:
10392978
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
AHFE International
Volume:
53
ISSN:
2771-0718
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, International Conference on Applied Human Factors and Ergonomics)
    To combat phishing, system messages warn users of suspected phishing attacks. However, users do not always comply with warning messages. One reason for non-compliance is that warning messages contradict how users think about phishing threats. To increase compliance, warning messages should align with user perceptions of phishing threat risks. How users think about phishing threats is not yet known. To identify how users perceive phishing threats, participants were surveyed about their perceptions of the severity and likelihood of 9 phishing consequences. Results revealed perceived severity and likelihood levels for each consequence, as well as relative differences between consequences. Concrete examples of warning messages that reflect these findings are provided. 
    more » « less
  2. ; ; ; ; (, International Joint Conference on Neural Networks 2021 (IJCNN 2021))
    Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing the model to learn incorrect inputs to serve their malicious needs. In this paper, we automatically generate fake CTI text descriptions using transformers. We show that given an initial prompt sentence, a public language model like GPT-2 with fine-tuning, can generate plausible CTI text with the ability of corrupting cyber-defense systems. We utilize the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The poisoning attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cybersecurity professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI as true. 
    more » « less
  3. ; ; (, Weather, Climate, and Society)
    Abstract Eastern Colorado is one of the most active hail regions in the United States, and individual hailstorms routinely surpass millions of dollars in crop loss and physical damage. Fifteen semistructured interviews with eastern Colorado farmers and ranchers were conducted in the summer of 2019 to gauge perceptions of the severity and vulnerability associated with hailstorms, as well as to understand how forecasts and warnings for severe hail are received and acted upon by the agricultural community. Results reveal a correspondence between perceived and observed frequency of hailstorms in eastern Colorado and highlight financial losses from crop destruction as the greatest threat from hailstorms. In contrast to the National Weather Service defining severe hail as at least 1.0 in. (25.4 mm) in diameter, the agricultural community conceptualizes hail severity according to impacts and damage. Small hail in large volumes or driven by a strong wind are the most worrisome scenarios for farmers, because small hail can most easily strip crop heads and stalks. Larger hailstones are perceived to pose less of a threat to crops but can produce significant damage to physical equipment and injure livestock. Eastern Colorado farmers and ranchers are avid weather watchers and associate environmental cues with hailstorms in addition to receiving warning messages, primarily via alerts on mobile telephones. Hailstorms elicit feelings of dejection and anxiety in some respondents, whereas others accept hailstorms as part of the job. Increasing awareness of the agricultural perceptions of hailstorms can help the meteorological community direct hail prediction research efforts and improve risk communication to the agricultural sector. 
    more » « less
  4. ; ; ; (, CHI EA '16: Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems)
    The Internet enables users to access vast resources, but it can also expose users to harmful cyber-attacks. It is imperative that users be informed about a security incident in a timely manner in order to make proper decisions. Visualization of security threats and warnings is one of the effective ways to inform users. However, visual cues are not always accessible to all users, and in particular, those with visual impairments. This late-breaking-work paper hypothesizes that the use of proper sounds in conjunction with visual cues can better represent security alerts to all users. Toward our research goal to validate this hypothesis, we first describe a methodology, referred to as sonification, to effectively design and develop auditory cyber-security threat indicators to warn users about cyber-attacks. Next, we present a case study, along with the results, of various types of usability testing conducted on a number of Internet users who are visually impaired. The presented concept can be viewed as a general framework for the creation and evaluation of human factor interactions with sounds in a cyber-space domain. The paper concludes with a discussion of future steps to enhance this work. 
    more » « less
  5. ; ; ; ; (, Proceedings of the Human Factors and Ergonomics Society Annual Meeting)
    Stress experiences can have dire consequences for worker performance and well-being, and the social environment of the workplace is a key contributor to worker experience. This study investigated the relationship between hybrid workers’ self-ratings of productivity, mood, and stress with perceptions of positive (eustress) and negative (distress) stress states. We hypothesized that self-ratings would vary across combinations of eustress and distress experiences and that these differences would differ based on the social context. Ecological momentary assessments (EMA) were used to obtain ecologically valid data at four data points each workday across a 4-month study period in a cohort of seven office workers. Findings aligned with the Yerkes–Dodson law, such that higher states of arousal were associated with greater self-perceived productivity, and higher stress magnitudes were found when distress existed. Compared to other states, eustress was associated with higher productivity in work-related activities and better mood across all activity types. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email