social science experiment
Post on 03-Jan-2016
26 Views
Preview:
DESCRIPTION
TRANSCRIPT
Social Science Experiment
Jan-Willem Bullee
2 Cyber-crime Science
Background
Effectiveness of authority on compliance
We can get some of the answers from» Literature (Meta-analysis)
» Attacker stories/interviews
But the answers are inconclusive» Different context
» Hard to measure human nature
» Difficult to standardize behaviour.
3 Cyber-crime Science
Principles of Persuasion
Authority» More likely to listen to an police officer
Conformity» Peer pressure
Commitment» Say yes to something small first
Reciprocity» Return the favour
Liking» People like you and me
Scarcity» Wanting the ungettable
5 Cyber-crime Science
Literature on Authority
Classical Milgram Shock Experiment» 66% full compliance
[Mil63] S. Milgram. Behavioral study of obedience. The Journal of Abnormal and Social Psychology, 67(4), 371–378.
5 Cyber-crime Science
Introduction Key Experiment
Get something from an employee
Equal to password or PIN
Intervention
Impersonate
5 Cyber-crime Science
Experimental Setup
Design
Intervention» Written memo
» Key-chain
» Poster
R1 X OR2 O
5 Cyber-crime Science
Hypotheses
H0: Intervention and Control comply equally
H0: Authority and Control comply equally
H0: Effect of Authority on compliance
5 Cyber-crime Science
Results
351 rooms targeted» N=118 (33,6%) populated
Demographics Targets» Female: 24 (20%) Male: 94 (80%)
» Mage = 34, range (23-63) years
Overall compliance distribution» 52.5%/47.5%
5 Cyber-crime Science
Results
5 Cyber-crime Science
Results
Intervention distribution» 60%/40%
H0: Intervention and Control comply equally» χ²-test
» Hypothesis rejected
5 Cyber-crime Science
Results
Authority distribution» ≈50/50
H0: Authority and Control comply equally» χ²-test
» Hypothesis accepted
5 Cyber-crime Science
Results
Effect of authority» Logistic Regression
» Employees that did not get the intervention are 2.84 times morelikely to give their key away
Intervention Give Key
5 Cyber-crime Science
Results
Effect of authority» Logistic Regression
» Employees that did not get the intervention are 2.84 times morelikely to give their key away
» Authority: No effect
Intervention
Authority
Give Key
5 Cyber-crime Science
Results
Comments:» “Great test!” “Cool Experiment” “Interesting study”
» “I had doubts” “Having an keychain is important”
» “Suspicious looking box”
» “Guy in suit looked LESS trustworthy”
» “Asked for my ID”
» “Trusted me since I looked friendly”
» “I feel stupid”
» “I didn’t wanted to give the key, but did it anyway”
5 Cyber-crime Science
Take Home Message
Children, animals, people never react the way you want.
Limited availability in July and August
You are not important for others
…unless you want to break the system
1/3 of employees works on a Wednesday in September
2.84 times higher odds to get key if no intervention
10 Cyber-crime Science
Charging Mobile Phone
10 Cyber-crime Science
Charging Mobile Phone
What are the security considerations of the users of a public mobile phone charger?» What is the use rate of the device (per number of
people at that location per hour),
» Why do people use (or not) the system?
» How do the safety perceptions of the current users differ between the former users and the non-users.
You are the researchers!
10 Cyber-crime Science
Crime Prevention
CPTED Framework (Crime Prevention Through Environmental Design)
Activity Support» Eyes on the street» Unfortunately: also provides opportunity» Overall crimes are reduced by increasing activity
[Coz05] Cozens, P. M., Saville, G., & Hillier, D. (2005). Crime prevention through environmental design (CPTED): a review and modern bibliography. Property management, 23(5), 328-356.
10 Cyber-crime Science
Hypotheses
H0: Cabinets in busy and quite areas are equally used.
H0: Cabinets with surveillance (e.g. service desk) and with no surveillance are equally used.
H0: Cabinets in lunch hours (e.g. lunch) and lecture hours are equally used.
11 Cyber-crime Science
Our Design
Researchers: You (Student)
Target: Fellow Students and Employee
Goal: Observe» Observe and interview people
Interface: Face 2 Face
Count people and short questionnaire
12 Cyber-crime Science
Method : Our design
2 experimental conditions» Users of the system / non users of the system
6 locations» Experimental: Bastille, Hal-B, Horst and Spiegel» Control: ITC (city center), Ravelijn
13 Cyber-crime Science
Method : Our procedure
Subjects from the experimental building» Teams of 1 researcher» One minute count: the people that pass-by» Approach users of the system
Subjects from the control building» Teams of 2 researchers
» Interview people walking in the area
More details on the course-site
15 Cyber-crime Science
What to do
Before Tuesday 9 September» Register in the Doodle
On 10, 17 (and 24) September» 09:30 - 09:50 Briefing at ZI4047
» Travel to location
» 10:30 - 12:45 Experiment
» 12:45 - 13:30 Break and travel
» 13:30 - 15:45 Experiment part 2
16 Cyber-crime Science
What to do
We have permission to do this only at» UT: Bastille, Hal-B, Horst, Ravelijn, Spiegel and ITC
Enter your data in SPSS» Directly after the attack
» Come to me ZI4047
Earn 0.5 (out of 10) bonus points
17 Cyber-crime Science
Ethical issues
Informed consent not possible
Zero risk for the subjects
Approved by facility management
Consistent with data protection (PII form)
Approved by ethical committee, see http://www.utwente.nl/ewi/en/research/ethics_protocol/
18 Cyber-crime Science
Conclusion
Designing research involves:» Decide what data are needed
» Decide how to collect the data
» Use validated techniques where possible
» Experimental Design, pilot, evaluate and improve
» Training, data gathering
19 Cyber-crime Science
Further Reading[Cia09] R. B. Cialdini. Influence: The Psychology of Persuasion. Harper Collins, 2009. http://www.harpercollins.com/browseinside/index.aspx?isbn13=9780061241895
[Gre96a] T. Greening. Ask and ye shall receive: a study in 'social engineering'. SIGSAC Rev., 14(2):8-14, Apr 1996. http://doi.acm.org/10.1145/228292.228295
[Hof66] C. Hofling, E. Brotzman, S. Dalrymple, N. Graves, and C. Pierce. An experimental study in Nurse-Physician relationships. J. of Nervous & Mental Disease, 143(2):171-180, Aug 1966.
top related