Computing Reviews

Mixed-initiative security agents
Greenstadt R., Afroz S., Brennan M.  AISec 2009 (Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence, Chicago, IL, Nov 9, 2009)35-38,2009.Type:Proceedings
Date Reviewed: 07/08/10

In this position paper, the authors advocate for a mixed-initiative approach in mitigating security decisions. Arguably, the decisions that (frequently, not well-informed) users make on the Internet often make them vulnerable to security risks. Using a mechanism that collects contextual information and collaborates with the users when security-related decisions are to be made would better mitigate the current sources of risk in the cyberworld. The authors advocate for heavier use of artificial intelligence (AI) and human-computer interaction (HCI) methods in the field of computer security in general that go beyond the almost omnipresent Captcha and similar technologies.

The conceptual solution proposed in the paper consists of a security decision agent that interacts with the user and the software application in use on one side, and the knowledge bases on the Internet on the other; it contains modules for adversarial learning, context extraction, machine-generated explanations, and decision-making that interact with the knowledge base or the user/application, as needed.

As Greenstadt, Afroz, and Brennan state in their conclusion: “Those [people] who are less educated and computer savvy face larger risks and are often preyed upon by identity thieves, scammers, and other attackers. They are used to build the infrastructure (botnets) to attack more hardened targets. Improving security decision-making at the end-user level can have a broad impact on overall computer security.”

It is interesting to read papers such as this one that formalize ideas that many share, but much work is left to be done to see how efficient they would be.

Reviewer:  Goran Trajkovski Review #: CR138149 (1101-0101)

Reproduction in whole or in part without permission is prohibited.   Copyright 2024 ComputingReviews.com™
Terms of Use
| Privacy Policy