Mistakes by users are estimated to be responsible for as many as 60% of breaches of computer security. Repeated warnings about being vigilant, for example, often go unheeded as people fail to recognize the dangers of seemingly innocuous actions such as downloading files. On top of that, some “mistakes” are actually the result of deliberation. Users – both regular staff and members of the information – often disable security features of their computers, because those features slow things down or make the computer more complicated to use.
Yet according to Dr Blythe, such human factors are often overlooked when security systems are tested. This is partly because it would be impractical to manipulate the behavior of users in ways that would give meaningful results. He and his colleagues have therefore created a way of testing security systems with computer programs called cognitive agents. These agents’ motives and behaviors can be fine-tuned to mess things up with the same aplomb as a real employee. The difference is that what happened can be analyzed precisely afterwards.
Another factor that can influence an agent’s behavior is its physiology. Agents can get tired and become hungry, just like people. According to Dr Blythe, “we have focused mainly on fatigue, the physical need to go to the bathroom.” And agents may also skive off, choosing to switch to a spot of web browsing on a synthetic internet that the researchers have created for the purpose.
The team plans a full-scale test later this year, but preliminary results, which Dr Blythe will present to the Association for the Advancement of Artificial Intelligence’s 25th annual conference in San Francisco on August 9th, look promising. In time, then, Dr Blythe’s agents may serve to vindicate another familiar saying about computers: that behind every error blamed on computers there are at least two human errors, including the error of blaming it on the computer.<>
No comments:
Post a Comment