Noam Ben-AsherArmy Research Laboratory | ALC · CISD
Noam Ben-Asher
PhD
About
45
Publications
18,441
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,173
Citations
Introduction
Additional affiliations
June 2017 - present
October 2008 - October 2011
September 2014 - present
Publications
Publications (45)
Background:
Over the years, PTWs' number of accidents have increased dramatically and have accounted for a high percentage of the total traffic fatalities. The majority of those accidents occur in daylight, clear weather, and at light to moderate traffic conditions. The current study included two experiments. The first experiment evaluated the inf...
An ideal system should be usable and secure. However, increasing the security of a system often makes its use more cumbersome and less efficient. This tradeoff between usability and security poses major challenges for system designers. System security may be impaired when users override or ignore security features to facilitate the use of the syste...
In this paper, we describe a new approach to analyze the trade-off between usability and security frequently found in security-related user interfaces. The approach involves the simulation of potential user interaction behavior by a mixed probabilistic and rule-driven state machine. On the basis of the simulations, user behavior in security-relevan...
Mobile phones are rapidly becoming small-size general purpose computers, so-called smartphones. However, applications and data stored on mobile phones are less protected from unauthorized access than on most desktop and mobile computers. This paper presents a survey on users' security needs, awareness and concerns in the context of mobile phones. I...
Given the global challenges of security, both in physical and cyber worlds, security agencies must optimize the use of their limited resources. To that end, many security agencies have begun to use "security game" algorithms, which optimally plan defender allocations, using models of adversary behavior that have originated in behavioral game theory...
Strategic resource control poses a trade-off to attackers and defenders. Actions that reclaim control of a resource pose costs, but control of a resource by an adversary also poses costs. Thus, strategy is required to maximize outcomes. Research on the Dark Triad of personality has suggested that Machiavellianism is associated with a strategic orie...
Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, adva...
Today’s high-stakes adversarial interactions feature attackers who constantly breach the ever-improving security measures. Deception mitigates the defender’s loss by misleading the attacker to make suboptimal decisions. In order to formally reason about deception, we introduce the feature deception problem (FDP), a domain-independent model and pres...
Ben-Asher and Meyer (2018) developed a model of risk-related behavior in computer systems, named the Triad of Risk-related Behavior (TriRB). It identified three behaviors – the exposure to risk, the use of security features and the responses to security indications. Various factors affected the three behaviors differently. We report an experiment w...
We study the spatiotemporal correlation of terrorist attacks by al-Qaeda, ISIS, and local insurgents, in six geographical areas identified via $k$-means clustering applied to the Global Terrorism Database. All surveyed organizations exhibit near-repeat activity whereby a prior attack increases the likelihood of a subsequent one by the same group wi...
Significance
We examine near-repeat activity patterns of al-Qaeda, ISIS, and local insurgents, whereby a first terrorist attack temporarily increases the likelihood of a second one by the same group. We observe heightened near-repeat activity for all organizations in six geographic clusters and quantify the effect to persist within 20 km and 4 to 1...
Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, adva...
Cybersecurity analysts ingest and process significant amounts of data from diverse sources in order to acquire network situation awareness. Visualizations can enhance the efficiency of analysts' workflow by providing contextual information, various sets of cybersecurity related data, information regarding alerts, among others. However, textual disp...
Today's high-stakes adversarial interactions feature attackers who constantly breach the ever-improving security measures. Deception mitigates the defender's loss by misleading the attacker to make suboptimal decisions. In order to formally reason about deception, we introduce the feature deception game (FDG), a domain-independent game-theoretic mo...
Objective:
We identify three risk-related behaviors in coping with cyber threats-the exposure to risk a person chooses, use of security features, and responses to security indications. The combinations of behaviors that users choose determine how well they cope with threats and the severity of adverse events they experience.
Background:
End user...
The human visual system is generally more adept at inferring meaning from graphical objects and natural scene elements than reading alphanumeric characters. Graphical objects like charts and graphs in cybersecurity dashboards often lack the requisite numbers of features to depict behaviors of complex network data. For example, bar charts afford few...
Information technology is the center of gravity of everyday human activity. From the eyes of a citizen, a company, or a nation, successful every day activities need to be conducted while being aware of cyber security and protection, aiming to anticipate possible criminal activities that would damage our property (both physical and intellectual) and...
Cybersecurity is one of most critical concerns for any organization, as frequency and severity of cyber attacks constantly increase, resulting in loss of vital assets and/or services. To preserve key security goals such as confidentiality, integrity, and availability, a variety of defense techniques have been introduced. While intrusion detection s...
The North Atlantic Treaty Organization (NATO) Exploratory Team meeting, "Model-Driven Paradigms for Integrated Approaches to Cyber Defense," was organized by the NATO Science and Technology Organization's (STO) Information Systems and Technology (IST) panel and conducted its meetings and electronic exchanges during 2016. This report describes the p...
Modern day detection of cyber threats is a highly manual process where teams of human analysts flag suspicious events while using assistive tools such as Bro and Snort. It is the analysts’ ability to discern suspicious activity and authority to make decisions on threats that place humans into central roles in the threat detection process. However,...
An essential skill in security involves categorizing events based on observed event attributes. That is, determining threat level and priority of the event when choosing an appropriate response action. To explore the basic mechanisms of learning and decision making, we conducted two experiments wherein participants were asked to categorize security...
Given the global challenges of security, both in physical and cyber worlds, security agencies must optimize the use of their limited resources. To that end, many security agencies have begun to use "security game" algorithms, which optimally plan defender allocations, using models of adversary behavior that have originated in behavioral game theory...
Security is an important concern worldwide. Stackelberg Security Games have been used successfully in a variety of security applications, to optimally schedule limited defense resources by modeling the interaction between attackers and defenders. Prior research has suggested that it is possible to classify adversary behavior into distinct groups of...
Despite the significant effort directed toward securing important cyber systems, many remain vulnerable to advanced, targeted cyber intrusion. Today, most systems that provide network services employ a fixed software stack that typically includes an operating system, web servers, and database software. This software mix as a whole constitutes the a...
In this paper we outline a holistic approach for understanding and simulating human decision making in knowledge-intensive tasks. To this purpose, we integrate semantic and cognitive models in a hybrid computational architecture. The contribution of the paper is twofold: first we describe a packet-centric ontology to represent network traffic. We s...
Human cognitive and analytical capabilities are needed and are indispensable to success in cyber defense. However, the high volume of network data challenges the process of detecting cyber-attacks, especially zero-day attacks. Training along with detailed and timely outcome feedback is a major factor in improving performance. It supports attributes...
Cyber-war is a growing form of threat to our society that involves multiple players executing simultaneously offensive and defensive operations. Given that cyber space is hyper dimensional and dynamic, human decision making must also incorporate numerous attributes and must be agile and adaptive. In this chapter, we review how computational models...
Leadership has been extensively discussed for a long time in the literature by describing the ideal traits of a leader, emphasizing the positive influence of the good leader on group, team, and organization performance. Although many different types and traits of leadership have been proposed, little work has considered the pivotal fact that the le...
As the previous chapters emphasized, the human cognition—and the technology necessary to support it—are central to Cyber Situational Awareness. Therefore, this chapter focuses on challenges and approaches to integration of information technology and computational representations of human situation awareness. To illustrate these aspects of CSA, the...
Understanding human dynamics of cyber security is a critical step for enhancing situation awareness of analysts. To this end, in this paper we focus on the requirements for building a comprehensive model of cyber analyst's decision making processes: we embrace an approach that leverages on cognitive aspects and knowledge representation to define th...
We analyze the dynamics of repeated interaction of two players in the Prisoner's Dilemma (PD) under various levels of interdependency information and propose an instance-based learning cognitive model (IBL-PD) to explain how cooperation emerges over time. Six hypotheses are tested regarding how a player accounts for an opponent's outcomes: the self...
The search for different options before making a consequential choice is a central aspect of many important decisions, such as mate selection or purchasing a house. Despite its importance, surprisingly little is known about how search and choice are affected by the observed and objective properties of the decision problem. Here, we analyze the effe...
The way information is presented, using description or experience, can influence the decision making process. However, little is currently known on how descriptive information is accounted for in subsequent experiential learning. In this paper, we use a computational model based upon Instance-based Learning Theory (IBLT) and use it to study hypothe...
This symposium is co-sponsored by the Human Performance Modeling Technical Group (HPM-TG) of the Human Factors & Ergonomics Society. Three Research Talks and a Panel Discussion were presented. Each talk used a different style of cognitive modeling and addressed a different problem of interest to the human factors community. For the Panel Dis-cussio...
Cyber attacks cause major disruptions of online operations, and might lead to data and revenue loss. Thus, appropriately training security analysts, human decision makers who arc in charge of protecting the infrastructure of a corporate network from cyber attacks, on different frequencies of cyber threats (base-rates) is indispensable to improving...
The editor's decision where and how to place items on a screen is crucial for the design of information displays, such as websites. We developed a statistical model that can facilitate automating this process by predicting the perceived importance of screen items from their location and size. The model was developed based on a 2-step experiment in...
One way to secure Information Technology (IT) systems is with authentication mechanisms that distinguish between users. Users
who differ in their cognitive and motor abilities, cultural background and personal characteristics should be able to operate
the IT system including its security features. If system design fails to consider user diversity,...
Security mechanisms may require users to deal with the tradeoff between risky and efficient or safer yet less efficient use of a production system. We present an experimental sys-tem (microworld), based on the Tetris game, that can serve as a research tool for studying behavior regarding the usabil-ity and security tradeoff. This paper describes th...
Technological developments and the addition of new features to existing applications or services require the inclu sion of security mechanisms to protect the user. When using these mechanisms the user faces a tradeoff between more risky and more e fficient or safer and less efficient use of the system. We disc uss this tradeoff and present a novel...
We describe a design project of a future electronic news device and service. The project employs about 20 researchers, designers and developers. It uses advances in product technologies and in social computing to deal with the challenges of transferring the print newspaper reading experience onto a mobile, hand-held device, and of transferring the...
We describe interaction design challenges of developing an e-ink based device for the delivery of a personalized news service. The paper describes, from a human-computer interaction perspective, the design process, design requirements and solutions, and the challenges that the design team faced during the development process.