Cybersafety Threats - from Deception to Aggression

Motivation

This Dagstuhl Seminar is motivated by the increased relevance of malicious activities in cyberspace. These activities include the broad scope of cybersafety threats:

• Cyber deception: phishing, cyber fraud, fake news, propaganda
• Cyber aggression: cyberbullying, hate speech, radicalization

Attack strategies include controlling and operating fake or compromised social media accounts, artificially manipulating the reputation of online entities, spreading false information, and manipulating users via psychological principles of influence into performing behaviors that are counter to their best interests and benefit the attackers.

So far, computer science research on cybersafety has looked at the various sub-problems in isolation, mostly relying on algorithms aimed at threat detection, and without considering the implications of the attacks and countermeasures for individual users as well as for society. On the other hand, human factors and social science researchers often consider user interfaces and social interactions without taking full advantage of the algorithmic, data-driven cybersafety research. Moreover, the legal and ethical implications of attacks and countermeasures are often unclear.

This seminar aims at an interdisciplinary discussion on detection and mitigation of cybersafety threats. It brings together researchers working on all aspects of cybersafety, including information security and privacy, usability, cybercrime, economics, sociology, psychology, and neuroscience, legal aspects and policy. This seminar builds on research directions identified in its predecessor Dagstuhl Seminar 17372 “Cybersafety in Modern Online Social Networks”. The examples of the issues to be considered in the interdisciplinary working groups include (but are not limited to):

• How might we cluster different types of threats, based on psychological, sociological, legal, and technical variables so as to better design countermeasures?
• What are the incentives of the attackers, and how can those incentives be curbed? How do attackers organize and choose their targets, and what is the role of technology in their targeting strategies?
• Do Internet users need some protective skills or tools? If yes, which ones, and what psychological, social, legal, and economic limitations may apply to the acquisition of these skills?
• What data is ethically and legally acceptable to be used in detection, mitigation, and prevention of attacks? How can we identify both victims and perpetrators, without extensive intervention and while respecting users’ privacy?
• What are the limitations of the current algorithmic threat mitigation strategies and technical mitigation tools? Can technical improvements offer adequate protection? How can biases in data collection and algorithms be detected?
• How to address false positives generated by automated threat detection tools, such that the users do not lose trust in the Web platforms and are not harmed?
• What is the role of policy and regulation in countering cybersafety threats?

As the results of the seminar, we envision the development of new research directions and interdisciplinary collaborations concerning the above questions.