Natsai Masamvu, Karen Bradshaw
Abstract
Traditionally, network security has focussed on building more secure and more powerful intrusion prevention systems to protect against information security threats. Ironically, it has been shown in numerous studies that human beings are the weakest link in any security breach.
Theoretical studies in psychology and information security suggest that there is a relationship between an individual’s personality traits, amongst other variables, and that individual’s security behaviour. This study aims to simulate human security behaviour to gain a better understanding of how individual factors of personality traits relate to the success or failure of software engineered attacks.
An agent-based model is created, with each individual agent’s behaviour represented using a set of static and dynamic properties comprising the agent’s personality, which is one of the core variables underpinning behaviour as identified in the literature. An agent’s susceptibility to a software engineering attack is then measured in relation to the agent’s interaction with objects in the environment that are primed to elicit information from the agent.
The results collected confirmed the existence of a relationship between personality and susceptibility to social engineering attacks based on theoretical data. These results are nonetheless still subject to testing against ground truths based on actual data.