Browsing by Author "Hodges, Duncan"

Now showing 1 - 14 of 14
  • Thumbnail Image
    ItemOpen Access
    ACD-G: Enhancing autonomous cyber defense agent generalization through graph embedded network representation
    (International Conference on Machine Learning, 2022-07-23) Collyer, Josh; Andrew, Alex; Hodges, Duncan
    The adoption of autonomous cyber defense agents within real-world contexts requires them to be able to cope with differences between their training and target environments, bridging the simulation to real gap to provide robust, generalized defensive responses. Whilst the simulation to real gap has been studied in-depth across domains such as robotics, to date there has been minimal research considering generalizability in the context of cyber defense agents and how differences in observation space could enhance agent generalizability when placed into environments that differ from the training environment. Within this paper, we propose a method of enhancing agent generalizability and performance within unseen environments by integrating a graph embedded network representation into the agent’s observation space. We then compare agent performance with and without a graph embedded network representation based observation space within a series of randomized cyber defense simulations. We find that there is a trade-off between the effectiveness of the graph embedding representation and the complexity of the graph, in terms of node count and number of edges.
  • Thumbnail Image
    ItemOpen Access
    An analysis of the writing of ‘suicide cult’ members
    (Oxford Academic, 2021-06-03) Hodges, Duncan; Paxton-Fear, Katie
    The infamous ‘Heaven’s Gate cult’ committed a mass suicide in 1995 believing members of the group would achieve salvation through bodily transformation and departure aboard UFOs. The group left a large volume of writing available as a book and a website which outlined their belief structure. This writing, largely by the group’s leaders Ti and Do, is supplemented by ‘exit statements’ written by the group members. We analysed these writings and demonstrated how the texts evolve from accessible texts for recruiting individuals into the group through more complex texts for cementing the belief structure and reinforcing the ingroup. We also identify differences in the ‘exit statements’ that demonstrate the ideas and concepts that gained traction with the group members.
  • Thumbnail Image
    ItemOpen Access
    Clicka: Collecting and leveraging identity cues with keystroke dynamics
    (Elsevier, 2022-06-09) Buckley, Oliver; Hodges, Duncan; Windle, Jonathan; Earl, Sally
    The way in which IT systems are usually secured is through the use of username and password pairs. However, these credentials are all too easily lost, stolen or compromised. The use of behavioural biometrics can be used to supplement these credentials to provide a greater level of assurance in the identity of an authenticated user. However, user behaviours can also be used to ascertain other identifiable information about an individual. In this paper we build upon the notion of keystroke dynamics (the analysis of typing behaviours) to infer an anonymous user’s name and predict their native language. This work found that there is a discernible difference in the ranking of bigrams (based on their timing) contained within the name of a user and those that are not. As a result we propose that individuals will reliably type information they are familiar with in a discernibly different way. In our study we found that it should be possible to identify approximately a third of the bigrams forming an anonymous users name purely from how (not what) they type.
  • Thumbnail Image
    ItemOpen Access
    Deconstructing who you play: character choice in online gaming
    (Elsevier, 2018-06-18) Hodges, Duncan; Buckley, Oliver
    The major growth in gaming over the last five to ten years has been through the expansion in online gaming, with the most frequent gamers now playing more games online than with others in person. The increase in cooperative multiplayer online gaming, where players who do not know each other come together in teams to achieve a common goal, leads to interesting social situations. The research in this paper is focussed on the online multiplayer game Overwatch, in this game playable characters are grouped into a number of classes and characters within these classes. A player chooses the character at the start of a given round, and whilst they can change the character during the game round this is generally undesirable. In this research we were interested in how players go about selecting a character for a given round of the game, this is a complex interaction where a player has to balance between personal character preference (either a character they enjoy playing or is well-mapped to their playstyle and skill) and ensuring a team has a balance of player classes. The interaction is complicated by the online nature meaning it is difficult to reward a team-mate for selecting a character they may not wish to play or playing a character which may mean they will perform poorly but the team will win. We recruited over 1000 Overwatch players and surveyed them on how they make their character choices within the game, they were also asked to complete various psychometric tests. We found that a gamers player ‘type’ (i.e. Killer, Achiever, Explorer or Socialiser) was defined by their agreeableness and their gender. We also found that player’s choice of character class was related to their level of agreeableness and extroversion modulated by the player’s gender. We also found that those who rate highly in conscientiousness and agreeableness and are socialisers or achievers were more likely to choose a character in order to achieve a balanced team rather than personal preference. The research is unique in the scale and number of respondents, it also addresses a problem in co-operative gaming where players must negotiate the composition of a team. This negotiation is often performed without any background knowledge of other player’s skill levels, this is the first study at this scale considering this within the context of co-operative online gaming.
  • Thumbnail Image
    ItemOpen Access
    Individual differences in the adoption and secure use of smart home technology
    (British Academy of Management, 2020-09-09) Williams, Emma; Slade, Emma; Hodges, Duncan; Morgan, Phillip
    This developmental paper focuses on work that is currently being conducted to investigate individual differences in the adoption and secure use of smart home-based technologies by consumers. Specifically, the research focuses on individual differences in two primary psychological characteristics (risk taking propensity and impulsivity), technology adoption propensity, and a range of socio-demographic factors (including age, gender, and education level), to explore their potential influence on the adoption and secure use of smart home technologies at the consumer level. Through an online survey in December 2019-January 2020, 633 responses were collected from UK-based participants. These data will be discussed at the conference in order to understand the potential for further development and analysis of the data collected in relation to various theoretical perspectives, thus maximizing the potential theoretical contribution of the research across the management discipline.
  • Thumbnail Image
    ItemOpen Access
    An investigation into the sensitivity of personal information and implications for disclosure: a UK perspective
    (Frontiers, 2022-06-30) Belen-Saglam, Rahime; Nurse, Jason R. C.; Hodges, Duncan
    The perceived sensitivity of information is a crucial factor in both security and privacy concerns and the behaviors of individuals. Furthermore, such perceptions motivate how people disclose and share information with others. We study this topic by using an online questionnaire where a representative sample of 491 British citizens rated the sensitivity of different data items in a variety of scenarios. The sensitivity evaluations revealed in this study are compared to prior results from the US, Brazil and Germany, allowing us to examine the impact of culture. In addition to discovering similarities across cultures, we also identify new factors overlooked in the current research, including concerns about reactions from others, personal safety or mental health and finally, consequences of disclosure on others. We also highlight a difference between the regulatory perspective and the citizen perspective on information sensitivity. We then operationalized this understanding within several example use-cases exploring disclosures in the healthcare and finance industry, two areas where security is paramount. We explored the disclosures being made through two different interaction means: directly to a human or chatbot mediated (given that an increasing amount of personal data is shared with these agents in industry). We also explored the effect of anonymity in these contexts. Participants showed a significant reluctance to disclose information they considered “irrelevant” or “out of context” information disregarding other factors such as interaction means or anonymity. We also observed that chatbots proved detrimental to eliciting sensitive disclosures in the healthcare domain; however, within the finance domain, there was less effect. This article's findings provide new insights for those developing online systems intended to elicit sensitive personal information from users.
  • Thumbnail Image
    ItemOpen Access
    Pathways to identity: using visualization to aid law enforcement in identification tasks
    (Springer, 2014-09-18) Bruce, Joe; Scholtz, Jean; Hodges, Duncan; Emanuel, Lia; Fraser, Danaë Stanton; Creese, Sadie; Love, Oriana J.
    The nature of identity has changed dramatically in recent years and has grown in complexity. Identities are defined in multiple domains: biological and psychological elements strongly contribute, but biographical and cyber elements also are necessary to complete the picture. Law enforcement is beginning to adjust to these changes, recognizing identity’s importance in criminal justice. The SuperIdentity project seeks to aid law enforcement officials in their identification tasks through research of techniques for discovering identity traits, generation of statistical models of identity and analysis of identity traits through visualization. We present use cases compiled through user interviews in multiple fields, including law enforcement, and describe the modeling and visualization tools design to aid in those use cases.
  • Thumbnail Image
    ItemOpen Access
    Personal information: perceptions, types and evolution
    (Elsevier, 2022-03-26) Saglam, Rahime Belen; Nurse, Jason R. C.; Hodges, Duncan
    Advances in technology have made us as a society think more about cyber security and privacy, particularly how we consider and protect personal information. Such developments have introduced a temporal dimension to the definition of personal information and we have also witnessed new types of data emerging (e.g., phone sensor data, stress level measurements). These rapid technological changes introduce several challenges as legislation is often inadequate, and therefore questions regularly arise pertaining whether information should be considered personal or sensitive and thereby better protected. In this paper, therefore, we look to significantly advance research into this domain by investigating how personal information is regarded in governmental legislations/regulations, privacy policies of applications, and academic research articles. Through an assessment of how personal information has evolved and is perceived differently (e.g., in the context of sensitivity) across these key stakeholders, this work contributes to the understanding of the fundamental disconnects present and also the social implications of new technologies. Furthermore, we introduce a series of novel taxonomies of personal information which can significantly support and help guide how researchers and practitioners work with, or develop tools to protect, such information.
  • Thumbnail Image
    ItemOpen Access
    A picture tells a thousand words: what Facebook and Twitter images convey about our personality
    (Elsevier, 2017-01) Whitty, Monica Therese; Doodson, James; Creese, Sadie; Hodges, Duncan
    Researchers have questioned whether there is a relationship between personality and patterns of online self-presentation. This paper examined, more specifically, whether personality predicts profile choices as well as image choice behaviour on two different SNSs: Twitter and Facebook. We found that personality does, to some extent, predict choices regarding profile images; however, not always in the direction we predicted and results differed across sites. We found that participants who scored higher on conscientiousness and lower on extraversion were more likely to change their Facebook profile image. Participants who scored lower on extraversion were more likely to choose a Twitter profile image that included a photograph of themselves compared to participants who scored higher on extraversion. For participants whose Facebook profile image was a photograph of themselves, a greater proportion of participants selected a recent photograph from the past six months. However, this was not the case for Twitter. We conclude that personality can predict some image choices and behaviours that might be useful for future work on authentication and identification, although other predictor variables are potentially also important when considering the types of individual characteristics which might predict online behaviour on SNSs.
  • Thumbnail Image
    ItemOpen Access
    Privacy concerns in chatbot interactions: when to trust and when to worry
    (Springer, 2021-07-03) Belen Saglam, Rahime; Nurse, Jason R. C.; Hodges, Duncan
    Through advances in their conversational abilities, chatbots have started to request and process an increasing variety of sensitive personal information. The accurate disclosure of sensitive information is essential where it is used to provide advice and support to users in the healthcare and finance sectors. In this study, we explore users’ concerns regarding factors associated with the use of sensitive data by chatbot providers. We surveyed a representative sample of 491 British citizens. Our results show that the user concerns focus on deleting personal information and concerns about their data’s inappropriate use. We also identified that individuals were concerned about losing control over their data after a conversation with conversational agents. We found no effect from a user’s gender or education but did find an effect from the user’s age, with those over 45 being more concerned than those under 45. We also considered the factors that engender trust in a chatbot. Our respondents’ primary focus was on the chatbot’s technical elements, with factors such as the response quality being identified as the most critical factor. We again found no effect from the user’s gender or education level; however, when we considered some social factors (e.g. avatars or perceived ‘friendliness’), we found those under 45 years old rated these as more important than those over 45. The paper concludes with a discussion of these results within the context of designing inclusive, digital systems that support a wide range of users.
  • Thumbnail Image
    ItemOpen Access
    Reconstructing what you said: Text Inference using Smartphone Motion
    (IEEE, 2018-06-02) Hodges, Duncan; Buckley, Oliver
    Smartphones and tablets are becoming ubiquitous within our connected lives and as a result these devices are increasingly being used for more and more sensitive applications, such as banking. The security of the information within these sensitive applications is managed through a variety of different processes, all of which minimise the exposure of this sensitive information to other potentially malicious applications on the device. This paper documents experiments with motion sensors on the device as a side-channel for inferring the text typed into a sensitive application. These sensors are freely accessible without the phone user having to give permission. The research was able to, on average, identify nearly 30% of typed bigrams from unseen words, using a very small volume of training data, less than the size of a tweet. Given the redundancy in language this performance is often enough to understand the phrase being typed. We found that large devices were more vulnerable than small devices, as were users who held the device in one hand whilst typing with fingers. Of those bigrams which were incorrectly identified 60% of the errors involved the space bar and nearly half of the errors are within two keys on the keyboard.
  • Thumbnail Image
    ItemOpen Access
    Sharing secrets with agents: improving sensitive disclosures using chatbots
    (Springer, 2021-07-03) Buckley, Oliver; Nurse, Jason R. C.; Wyer, Natalie; Dawes, Helen; Hodges, Duncan; Earl, Sally; Belen Saglam, Rahime
    There is an increasing shift towards the use of conversational agents, or chatbots, thanks to their inclusion in consumer hardware (e.g. Alexa, Siri and Google Assistant) and the growing number of essential services moving online. A chatbot allows an organisation to deal with a large volume of user queries with minimal overheads, which in turn allows human operators to deal with more complex issues. In this paper we present our work on maximising responsible, sensitive disclosures to chatbots. The paper focuses on two key studies, the first of which surveyed participants to establish the relative sensitivity of a range of disclosures. From this, we found that participants were equally comfortable making financial disclosures to a chatbot as to a human. The second study looked to support the dynamic personalisation of the chatbot in order to improve the disclosures. This was achieved by exploiting behavioural biometrics (keystroke and mouse dynamics) to identify demographic information about anonymous users. The research highlighted that a fusion approach, combining both keyboard and mouse dynamics, was the most reliable predictor of these biographic characteristics.
  • Thumbnail Image
    ItemOpen Access
    Understanding insider threat attacks using natural language processing: automatically mapping organic narrative reports to existing insider threat frameworks
    (Springer, 2020-07-10) Paxton-Fear, Katie; Hodges, Duncan; Buckley, Oliver
    Traditionally cyber security has focused on defending against external threats, over the last decade we have seen an increasing awareness of the threat posed by internal actors. Current approaches to reducing this risk have been based upon technical controls, psychologically understanding the insider’s decision-making processes or sociological approaches ensuring constructive workplace behaviour. However, it is clear that these controls are not enough to mitigate this threat with a 2019 report suggesting that 34% of breaches involved internal actors. There are a number of Insider threat frameworks that bridge the gap between these views, creating a holistic view of insider threat. These models can be difficult to contextualise within an organisation and hence developing actionable insight is challenging. An important task in understanding an insider attack is to gather a 360-degree understanding of the incident across multiple business areas: e.g. co-workers, HR, IT, etc. can be key to understanding the attack. We propose a new approach to gathering organic narratives of an insider threat incident that then uses a computational approach to map these narratives to an existing insider threat framework. Leveraging Natural Language Processing (NLP) we exploit a large collection of insider threat reporting to create an understanding of insider threat. This understanding is then applied to a set of reports of a single attack to generate a computational representation of the attack. This representation is then successfully mapped to an existing, manual insider threat framework.
  • Thumbnail Image
    ItemOpen Access
    User identification using games
    (Springer, 2016-06-21) Buckley, Oliver; Hodges, Duncan
    There is a significant shift towards a digital identity and yet the most common means of user authentication, username and password pairs, is an imperfect system. In this paper we present the notion of using videogames, specifically Tetris, to supplement traditional authentication methods and provide an additional layer of identity validation. Two experiments were undertaken that required participants to play a modified version of Tetris; the first experiment with a randomly ordered set of pieces and the second with the pieces appearing in a fixed order. The results showed that even simple games like Tetris demonstrate significant complexity in the available game states and that while some users displayed repeatable strategic behaviour, others were effectively random in their behaviours exhibiting no discernible strategy or repeatable behaviour. However, some pieces and gameboard scenarios encouraged users to exhibit behaviours that are more unique than others.