{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T17:31:52Z","timestamp":1772299912526,"version":"3.50.1"},"reference-count":36,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2018,3,22]],"date-time":"2018-03-22T00:00:00Z","timestamp":1521676800000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"ARO","award":["W911NF11103, W911NF09102, W911NF1410358 and W911NF1110344"],"award-info":[{"award-number":["W911NF11103, W911NF09102, W911NF1410358 and W911NF1110344"]}]},{"name":"ONR","award":["N00014-15-1-2007"],"award-info":[{"award-number":["N00014-15-1-2007"]}]},{"name":"Maryland Procurement Office under Contract","award":["H98230-14-C-0137"],"award-info":[{"award-number":["H98230-14-C-0137"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Intell. Syst. Technol."],"published-print":{"date-parts":[[2017,7,31]]},"abstract":"<jats:p>Despite growing speculation about the role of human behavior in cyber-security of machines, concrete data-driven analysis and evidence have been lacking. Using Symantec\u2019s WINE platform, we conduct a detailed study of 1.6 million machines over an 8-month period in order to learn the relationship between user behavior and cyber attacks against their personal computers. We classify users into 4 categories (gamers, professionals, software developers, and others, plus a fifth category comprising everyone) and identify a total of 7 features that act as proxies for human behavior. For each of the 35 possible combinations (5 categories times 7 features), we studied the relationship between each of these seven features and one dependent variable, namely the number of attempted malware attacks detected by Symantec on the machine. Our results show that there is a strong relationship between several features and the number of attempted malware attacks. Had these hosts not been protected by Symantec\u2019s anti-virus product or a similar product, they would likely have been infected. Surprisingly, our results show that software developers are more at risk of engaging in risky cyber-behavior than other categories.<\/jats:p>","DOI":"10.1145\/2890509","type":"journal-article","created":{"date-parts":[[2017,3,23]],"date-time":"2017-03-23T12:19:44Z","timestamp":1490271584000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":39,"title":["Understanding the Relationship between Human Behavior and Susceptibility to Cyber Attacks"],"prefix":"10.1145","volume":"8","author":[{"given":"Michael","family":"Ovelg\u00f6nne","sequence":"first","affiliation":[{"name":"UMIACS, Univ. of Maryland, College Park, MD"}]},{"given":"Tudor","family":"Dumitra\u015f","sequence":"additional","affiliation":[{"name":"Dept. of Elect. Eng. and UMIACS, Univ. of Maryland, College Park, MD"}]},{"given":"B. Aditya","family":"Prakash","sequence":"additional","affiliation":[{"name":"Dept. of Computer Science, Virginia Tech., Blacksburg, VA"}]},{"given":"V. S.","family":"Subrahmanian","sequence":"additional","affiliation":[{"name":"Dept. of Computer Science and UMIACS, Univ. of Maryland, College Park, MD"}]},{"given":"Benjamin","family":"Wang","sequence":"additional","affiliation":[{"name":"Dept. of Computer Science, Virginia Tech., Blacksburg, VA"}]}],"member":"320","published-online":{"date-parts":[[2017,3,22]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.techsoc.2010.07.001"},{"key":"e_1_2_1_2_1","unstructured":"Mustaque Ahamad Dave Amster Michael Barrett Tom Cross George Heron Don Jackson Jeff King Wenke Lee Ryan Naraine Gunter Ollmann et al. 2008. Emerging cyber threats report for 2009. (2008)."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/168588.168615"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.75"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECURWARE.2008.30"},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the 2nd Workshop on Large-scale Data Mining: Theory and Applications (LDMTA","volume":"25","author":"Chau Duen Horng","year":"2010","unstructured":"Duen Horng Chau, Carey Nachenberg, Jeffrey Wilhelm, Adam Wright, and Christos Faloutsos. 2010. Polonium: Tera-scale graph mining for malware detection. In Proceedings of the 2nd Workshop on Large-scale Data Mining: Theory and Applications (LDMTA 2010), Vol. 25."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028067.2028071"},{"key":"e_1_2_1_8_1","volume-title":"USENIX Security Symposium (August","author":"Cowan Crispin","year":"2013","unstructured":"Crispin Cowan. 2013. Windows 8 Security: Supporting User Confidence. USENIX Security Symposium (August 2013)."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1716383.1734092"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.09.010"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978672.1978683"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382283"},{"key":"e_1_2_1_13_1","volume-title":"90&percnt","author":"AVG Viruslab Research Group","unstructured":"AVG Viruslab Research Group. 2013. AVG Insight: 90&percnt; of game hacks infected with malware. Retrieved from http:\/\/blogs.avg.com\/news-threats\/avg-insight-90-game-hacks-infected-malware\/."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2002.1106162"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.0811973106"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.10.007"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/2017470.2017478"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2835776.2835834"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516747"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(03)00007-5"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.60"},{"key":"e_1_2_1_22_1","volume-title":"APT1: Exposing One of China\u2019s Cyber Espionage Units. Mandiant Whitepaper. (Feb","year":"2013","unstructured":"Mandiant. 2013. APT1: Exposing One of China\u2019s Cyber Espionage Units. Mandiant Whitepaper. (Feb. 2013)."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2016904.2016908"},{"key":"e_1_2_1_24_1","volume-title":"CARO 2010","author":"Niemel\u00e4 Jarno","year":"2010","unstructured":"Jarno Niemel\u00e4. 2010. It\u2019s signed, therefore it\u2019s clean, right? CARO 2010 (2010)."},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the IT Security Conference for the Next Generation.","author":"Niki Aikaterinaki","year":"2009","unstructured":"Aikaterinaki Niki. 2009. Drive-by download attacks: Effects and detection measures. In Proceedings of the IT Security Conference for the Next Generation."},{"key":"e_1_2_1_26_1","volume-title":"The Elderwood Project. Symantec Whitepaper. (Oct","author":"O\u2019Gorman Gavin","year":"2012","unstructured":"Gavin O\u2019Gorman and Geoff McDonald. 2012. The Elderwood Project. Symantec Whitepaper. (Oct. 2012)."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2492517.2500244"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/1323128.1323132"},{"key":"e_1_2_1_29_1","volume-title":"Proceedings of the Network and Distributed System Security (NDSS) Symposium","author":"Rajab Moheeb Abu","year":"2013","unstructured":"Moheeb Abu Rajab, Lucas Ballard, No\u00e9 Lutz, Panayiotis Mavrommatis, and Niels Provos. 2013. CAMP: Content-agnostic malware protection. In Proceedings of the Network and Distributed System Security (NDSS) Symposium. San Diego, CA."},{"key":"e_1_2_1_30_1","unstructured":"Bruce Schneier. 2000. Semantic attacks: The third wave of network attacks. Retrieved from https:\/\/www.schneier.com\/crypto-gram-0010.html#1."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753383"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1897852.1897872"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029618.1029624"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720288"},{"key":"e_1_2_1_35_1","volume-title":"Symantec Internet Security Threat Report","author":"Symantec Corporation","year":"2011","unstructured":"Symantec Corporation. 2012. Symantec Internet Security Threat Report, Volume 17. Retrieved from http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/other_resources\/b-istr_main_report_2011_21239364.en-us.pdf."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251421.1251435"}],"container-title":["ACM Transactions on Intelligent Systems and Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2890509","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2890509","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2890509","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:28:45Z","timestamp":1763458125000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2890509"}},"subtitle":["A Data-Driven Approach"],"short-title":[],"issued":{"date-parts":[[2017,3,22]]},"references-count":36,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,7,31]]}},"alternative-id":["10.1145\/2890509"],"URL":"https:\/\/doi.org\/10.1145\/2890509","relation":{},"ISSN":["2157-6904","2157-6912"],"issn-type":[{"value":"2157-6904","type":"print"},{"value":"2157-6912","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,3,22]]},"assertion":[{"value":"2015-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-01-01","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-03-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}