TY - JOUR
T1 - Contextual security awareness
T2 - A context-based approach for assessing the security awareness of users
AU - Solomon, Adir
AU - Michaelshvili, Michael
AU - Bitton, Ron
AU - Shapira, Bracha
AU - Rokach, Lior
AU - Puzis, Rami
AU - Shabtai, Asaf
N1 - Publisher Copyright:
© 2022 Elsevier B.V.
PY - 2022/6/21
Y1 - 2022/6/21
N2 - Assessing the information security awareness (ISA) of users is crucial for protecting systems and organizations from social engineering attacks. Current methods do not consider the context of use when assessing users’ ISA, and therefore they cannot accurately reflect users’ actual behavior, which often depends on that context. In this study, we propose a novel context-based, data-driven, approach for assessing the ISA of users. In this approach, different behavioral and contextual factors, such as spatio-temporal information and browsing habits, are used to assess users’ ISA. Since defining each context explicitly is impractical for a large context space, we utilize a deep neural network to represent users’ contexts implicitly from contextual factors. We evaluate our approach empirically using a real-world dataset of users’ activities collected from 120 smartphone users. The results show that the proposed method and context information improve ISA assessment accuracy significantly.
AB - Assessing the information security awareness (ISA) of users is crucial for protecting systems and organizations from social engineering attacks. Current methods do not consider the context of use when assessing users’ ISA, and therefore they cannot accurately reflect users’ actual behavior, which often depends on that context. In this study, we propose a novel context-based, data-driven, approach for assessing the ISA of users. In this approach, different behavioral and contextual factors, such as spatio-temporal information and browsing habits, are used to assess users’ ISA. Since defining each context explicitly is impractical for a large context space, we utilize a deep neural network to represent users’ contexts implicitly from contextual factors. We evaluate our approach empirically using a real-world dataset of users’ activities collected from 120 smartphone users. The results show that the proposed method and context information improve ISA assessment accuracy significantly.
KW - Deep learning
KW - Human factors
KW - Information security awareness
KW - Mobile devices
UR - http://www.scopus.com/inward/record.url?scp=85129385033&partnerID=8YFLogxK
U2 - 10.1016/j.knosys.2022.108709
DO - 10.1016/j.knosys.2022.108709
M3 - Article
AN - SCOPUS:85129385033
SN - 0950-7051
VL - 246
JO - Knowledge-Based Systems
JF - Knowledge-Based Systems
M1 - 108709
ER -