Rethinking Human Factors for Online Security: Gang Wang, Virginia Tech
Human factors are playing a critical role in the security of today's online systems.
Abstract: Human factors are playing a critical role in the security of today’s online systems. On one hand, human factors are still a weak link, constantly exploited by attackers to launch serious attacks. On the other hand, human (expert) intelligence is instrumental in detecting and combating new threats (e.g., zero-days) that automated methods such as machine learning often fail to capture.
In this talk, I will describe our efforts to improve security through human augmentation. The goal is twofold: (1) to understand and defend against new attacks that target users and user-facing systems, and (2) to integrate human intelligence to construct more robust security defenses. First, I will describe our recent investigation of a new class of attacks against road navigation systems via GPS spoofing. Through empirical measurements and user studies, I will illustrate how advanced attackers can succeed even in the presence of human drivers. Second, I will share our recent results on improving the trust and robustness of security systems by generating "human-interpretable" outputs. By building an explanation system for deep learning based security applications, we allow security analysts to diagnose system errors and patch model weaknesses. Finally, I conclude by highlighting my future plans of using data-driven approaches to augmenting security defenses for both humans and algorithms.
Bio: Gang Wang is an Assistant Professor of Computer Science at Virginia Tech. He obtained his Ph.D. from UC Santa Barbara in 2016, and a B.E. from Tsinghua University in 2010. His research focuses on human (user) aspects of Internet security. His work takes a data-driven approach to addressing emerging security threats in massive communication systems (social networks, email services), mobile applications, crowdsourcing systems, and enterprise networks. He is a recipient of the NSF CAREER Award (2018), Google Faculty Research Award (2017), ACM CCS Outstanding Paper Award (2018), and SIGMETRICS Best Practical Paper Award (2013). His research has appeared in a diverse set of top-tier venues in Security, Measurement, and HCI. His projects have been covered by media outlets such as MIT Technology Review, The New York Times, Boston Globe, CNN, and New Scientist.