Leveraging web and behavioural data for usable adaptive cybersecurity
There has been a general consensus in the computer security research community that the usability of cybersecurity is critical to maintaining and improving the security of information systems. However, the human element of cybersecurity is still not well understood hence the problem of designing sec...
| Main Author: | |
|---|---|
| Format: | Thesis (University of Nottingham only) |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | https://eprints.nottingham.ac.uk/56813/ |
| _version_ | 1848799385971851264 |
|---|---|
| author | Addae, Joyce Hoese |
| author_facet | Addae, Joyce Hoese |
| author_sort | Addae, Joyce Hoese |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | There has been a general consensus in the computer security research community that the usability of cybersecurity is critical to maintaining and improving the security of information systems. However, the human element of cybersecurity is still not well understood hence the problem of designing security with unfriendly user interfaces persists. A major challenge in addressing the human component of cybersecurity is the lack of reliable behavioural data on users’ online security actions. This thesis establishes an integrated view of online security-related attitudes and behaviours to facilitate the personalisation of cybersecurity tools. To do this, a design research approach involving behavioural science and machine learning techniques is adopted for an in-depth analysis of users’ online security behaviour and implication for design of cybersecurity mechanisms.
As part of understanding users’ attitude towards cybersecurity, studies were conducted to explore how users interact with web browser security features for their personal privacy and digital security online. Current interfaces designed for security in web browsers are plagued with several usability issues. This thesis proposes an improvement to these interfaces. The solution introduced here includes a user-centred design of personalized cybersecurity-related interfaces with a minimalistic and modern aesthetic design that incorporates the concept of adaptive automation.
The study identified critical cybersecurity attributes that are susceptible to individual characteristics which provided a basis for the development of effective countermeasures for different user profiles. These findings were synthesised into two cybersecurity artefacts --- SecAdapt versions 1 and 2 as proofs of concept for the proposed framework for personalised adaptive cybersecurity. The results of a usability study conducted to evaluate the prototype showed that SecAdapt was more efficient and effective when performing tasks to achieve specific cybersecurity goals compared to existing browser security controls. Most of the participants also found SecAdapt to be more user-friendly and clearly supported the proposed design concept for personalised adaptive cybersecurity and the benefits that it provides. Insights from this research can be useful in minimising the gap between people and cybersecurity in order to promote more frequent and correct usage of security tools and reduce human errors and dissatisfaction. |
| first_indexed | 2025-11-14T20:34:50Z |
| format | Thesis (University of Nottingham only) |
| id | nottingham-56813 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-14T20:34:50Z |
| publishDate | 2019 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-568132025-02-28T14:32:38Z https://eprints.nottingham.ac.uk/56813/ Leveraging web and behavioural data for usable adaptive cybersecurity Addae, Joyce Hoese There has been a general consensus in the computer security research community that the usability of cybersecurity is critical to maintaining and improving the security of information systems. However, the human element of cybersecurity is still not well understood hence the problem of designing security with unfriendly user interfaces persists. A major challenge in addressing the human component of cybersecurity is the lack of reliable behavioural data on users’ online security actions. This thesis establishes an integrated view of online security-related attitudes and behaviours to facilitate the personalisation of cybersecurity tools. To do this, a design research approach involving behavioural science and machine learning techniques is adopted for an in-depth analysis of users’ online security behaviour and implication for design of cybersecurity mechanisms. As part of understanding users’ attitude towards cybersecurity, studies were conducted to explore how users interact with web browser security features for their personal privacy and digital security online. Current interfaces designed for security in web browsers are plagued with several usability issues. This thesis proposes an improvement to these interfaces. The solution introduced here includes a user-centred design of personalized cybersecurity-related interfaces with a minimalistic and modern aesthetic design that incorporates the concept of adaptive automation. The study identified critical cybersecurity attributes that are susceptible to individual characteristics which provided a basis for the development of effective countermeasures for different user profiles. These findings were synthesised into two cybersecurity artefacts --- SecAdapt versions 1 and 2 as proofs of concept for the proposed framework for personalised adaptive cybersecurity. The results of a usability study conducted to evaluate the prototype showed that SecAdapt was more efficient and effective when performing tasks to achieve specific cybersecurity goals compared to existing browser security controls. Most of the participants also found SecAdapt to be more user-friendly and clearly supported the proposed design concept for personalised adaptive cybersecurity and the benefits that it provides. Insights from this research can be useful in minimising the gap between people and cybersecurity in order to promote more frequent and correct usage of security tools and reduce human errors and dissatisfaction. 2019-07-06 Thesis (University of Nottingham only) NonPeerReviewed application/pdf en arr https://eprints.nottingham.ac.uk/56813/1/JoyceAddae_6515229_Thesis_20190527.pdf Addae, Joyce Hoese (2019) Leveraging web and behavioural data for usable adaptive cybersecurity. PhD thesis, University of Nottingham. Cybersecurity Human-Computer Interaction Behavioural analytics Adaptive automation Security-related attitudes User modeling |
| spellingShingle | Cybersecurity Human-Computer Interaction Behavioural analytics Adaptive automation Security-related attitudes User modeling Addae, Joyce Hoese Leveraging web and behavioural data for usable adaptive cybersecurity |
| title | Leveraging web and behavioural data for usable adaptive cybersecurity |
| title_full | Leveraging web and behavioural data for usable adaptive cybersecurity |
| title_fullStr | Leveraging web and behavioural data for usable adaptive cybersecurity |
| title_full_unstemmed | Leveraging web and behavioural data for usable adaptive cybersecurity |
| title_short | Leveraging web and behavioural data for usable adaptive cybersecurity |
| title_sort | leveraging web and behavioural data for usable adaptive cybersecurity |
| topic | Cybersecurity Human-Computer Interaction Behavioural analytics Adaptive automation Security-related attitudes User modeling |
| url | https://eprints.nottingham.ac.uk/56813/ |