Browsing by Author "Buckley, Oliver"
Now showing 1 - 6 of 6
Results Per Page
Sort Options
Item Open Access Clicka: Collecting and leveraging identity cues with keystroke dynamics(Elsevier, 2022-06-09) Buckley, Oliver; Hodges, Duncan; Windle, Jonathan; Earl, SallyThe way in which IT systems are usually secured is through the use of username and password pairs. However, these credentials are all too easily lost, stolen or compromised. The use of behavioural biometrics can be used to supplement these credentials to provide a greater level of assurance in the identity of an authenticated user. However, user behaviours can also be used to ascertain other identifiable information about an individual. In this paper we build upon the notion of keystroke dynamics (the analysis of typing behaviours) to infer an anonymous user’s name and predict their native language. This work found that there is a discernible difference in the ranking of bigrams (based on their timing) contained within the name of a user and those that are not. As a result we propose that individuals will reliably type information they are familiar with in a discernibly different way. In our study we found that it should be possible to identify approximately a third of the bigrams forming an anonymous users name purely from how (not what) they type.Item Open Access Deconstructing who you play: character choice in online gaming(Elsevier, 2018-06-18) Hodges, Duncan; Buckley, OliverThe major growth in gaming over the last five to ten years has been through the expansion in online gaming, with the most frequent gamers now playing more games online than with others in person. The increase in cooperative multiplayer online gaming, where players who do not know each other come together in teams to achieve a common goal, leads to interesting social situations. The research in this paper is focussed on the online multiplayer game Overwatch, in this game playable characters are grouped into a number of classes and characters within these classes. A player chooses the character at the start of a given round, and whilst they can change the character during the game round this is generally undesirable. In this research we were interested in how players go about selecting a character for a given round of the game, this is a complex interaction where a player has to balance between personal character preference (either a character they enjoy playing or is well-mapped to their playstyle and skill) and ensuring a team has a balance of player classes. The interaction is complicated by the online nature meaning it is difficult to reward a team-mate for selecting a character they may not wish to play or playing a character which may mean they will perform poorly but the team will win. We recruited over 1000 Overwatch players and surveyed them on how they make their character choices within the game, they were also asked to complete various psychometric tests. We found that a gamers player ‘type’ (i.e. Killer, Achiever, Explorer or Socialiser) was defined by their agreeableness and their gender. We also found that player’s choice of character class was related to their level of agreeableness and extroversion modulated by the player’s gender. We also found that those who rate highly in conscientiousness and agreeableness and are socialisers or achievers were more likely to choose a character in order to achieve a balanced team rather than personal preference. The research is unique in the scale and number of respondents, it also addresses a problem in co-operative gaming where players must negotiate the composition of a team. This negotiation is often performed without any background knowledge of other player’s skill levels, this is the first study at this scale considering this within the context of co-operative online gaming.Item Open Access Reconstructing what you said: Text Inference using Smartphone Motion(IEEE, 2018-06-02) Hodges, Duncan; Buckley, OliverSmartphones and tablets are becoming ubiquitous within our connected lives and as a result these devices are increasingly being used for more and more sensitive applications, such as banking. The security of the information within these sensitive applications is managed through a variety of different processes, all of which minimise the exposure of this sensitive information to other potentially malicious applications on the device. This paper documents experiments with motion sensors on the device as a side-channel for inferring the text typed into a sensitive application. These sensors are freely accessible without the phone user having to give permission. The research was able to, on average, identify nearly 30% of typed bigrams from unseen words, using a very small volume of training data, less than the size of a tweet. Given the redundancy in language this performance is often enough to understand the phrase being typed. We found that large devices were more vulnerable than small devices, as were users who held the device in one hand whilst typing with fingers. Of those bigrams which were incorrectly identified 60% of the errors involved the space bar and nearly half of the errors are within two keys on the keyboard.Item Open Access Sharing secrets with agents: improving sensitive disclosures using chatbots(Springer, 2021-07-03) Buckley, Oliver; Nurse, Jason R. C.; Wyer, Natalie; Dawes, Helen; Hodges, Duncan; Earl, Sally; Belen Saglam, RahimeThere is an increasing shift towards the use of conversational agents, or chatbots, thanks to their inclusion in consumer hardware (e.g. Alexa, Siri and Google Assistant) and the growing number of essential services moving online. A chatbot allows an organisation to deal with a large volume of user queries with minimal overheads, which in turn allows human operators to deal with more complex issues. In this paper we present our work on maximising responsible, sensitive disclosures to chatbots. The paper focuses on two key studies, the first of which surveyed participants to establish the relative sensitivity of a range of disclosures. From this, we found that participants were equally comfortable making financial disclosures to a chatbot as to a human. The second study looked to support the dynamic personalisation of the chatbot in order to improve the disclosures. This was achieved by exploiting behavioural biometrics (keystroke and mouse dynamics) to identify demographic information about anonymous users. The research highlighted that a fusion approach, combining both keyboard and mouse dynamics, was the most reliable predictor of these biographic characteristics.Item Open Access Understanding insider threat attacks using natural language processing: automatically mapping organic narrative reports to existing insider threat frameworks(Springer, 2020-07-10) Paxton-Fear, Katie; Hodges, Duncan; Buckley, OliverTraditionally cyber security has focused on defending against external threats, over the last decade we have seen an increasing awareness of the threat posed by internal actors. Current approaches to reducing this risk have been based upon technical controls, psychologically understanding the insider’s decision-making processes or sociological approaches ensuring constructive workplace behaviour. However, it is clear that these controls are not enough to mitigate this threat with a 2019 report suggesting that 34% of breaches involved internal actors. There are a number of Insider threat frameworks that bridge the gap between these views, creating a holistic view of insider threat. These models can be difficult to contextualise within an organisation and hence developing actionable insight is challenging. An important task in understanding an insider attack is to gather a 360-degree understanding of the incident across multiple business areas: e.g. co-workers, HR, IT, etc. can be key to understanding the attack. We propose a new approach to gathering organic narratives of an insider threat incident that then uses a computational approach to map these narratives to an existing insider threat framework. Leveraging Natural Language Processing (NLP) we exploit a large collection of insider threat reporting to create an understanding of insider threat. This understanding is then applied to a set of reports of a single attack to generate a computational representation of the attack. This representation is then successfully mapped to an existing, manual insider threat framework.Item Open Access User identification using games(Springer, 2016-06-21) Buckley, Oliver; Hodges, DuncanThere is a significant shift towards a digital identity and yet the most common means of user authentication, username and password pairs, is an imperfect system. In this paper we present the notion of using videogames, specifically Tetris, to supplement traditional authentication methods and provide an additional layer of identity validation. Two experiments were undertaken that required participants to play a modified version of Tetris; the first experiment with a randomly ordered set of pieces and the second with the pieces appearing in a fixed order. The results showed that even simple games like Tetris demonstrate significant complexity in the available game states and that while some users displayed repeatable strategic behaviour, others were effectively random in their behaviours exhibiting no discernible strategy or repeatable behaviour. However, some pieces and gameboard scenarios encouraged users to exhibit behaviours that are more unique than others.